Package name
phpmyadmin
Date
2014-07-08
Advisory ID
MDVSA-2014:126
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been discovered and corrected in
phpmyadmin:

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.2.x
before 4.2.4 allow remote authenticated users to inject arbitrary web
script or HTML via a crafted (1) database name or (2) table name that
is improperly handled after presence in (a) the favorite list or (b)
recent tables (CVE-2014-4348).

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.1.x
before 4.1.14.1 and 4.2.x before 4.2.4 allow remote authenticated
users to inject arbitrary web script or HTML via a crafted table
name that is improperly handled after a (1) hide or (2) unhide action
(CVE-2014-4349).

This upgrade provides the latest phpmyadmin version (4.2.5) to address
these vulnerabilities.

Updated packages

MBS1 x86_64

 94dcec5bc68487ebb9e27567f290257d  mbs1/x86_64/phpmyadmin-4.2.5-1.mbs1.noarch.rpm 
 e4603acd4aaabb0127bdd9cb763d1bc5  mbs1/SRPMS/phpmyadmin-4.2.5-1.mbs1.src.rpm

References