MGASA-2015-0232

Source
https://advisories.mageia.org/MGASA-2015-0232.html
Import Source
https://advisories.mageia.org/MGASA-2015-0232.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2015-0232
Related
Published
2015-05-18T19:08:05Z
Modified
2015-05-18T18:40:08Z
Summary
Updated phpmyadmin packages fix security vulnerabilities
Details

Updated phpmyadmin package fixes security vulnerabilities:

In phpMyAdmin before 4.2.13.3, by deceiving a user to click on a crafted URL, it is possible to alter the configuration file being generated with phpMyAdmin setup (CVE-2015-3902).

In phpMyAdmin before 4.2.13.3, a vulnerability in the API call to GitHub can be exploited to perform a man-in-the-middle attack (CVE-2015-3903).

With this update, the phpmyadmin package has been updated to the 4.2 branch, which has some additional changes and new features. The 4.1 branch is no longer supported.

References
Credits

Affected packages

Mageia:4 / phpmyadmin

Package

Name
phpmyadmin
Purl
pkg:rpm/mageia/phpmyadmin?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.2.13.3-1.mga4

Ecosystem specific

{
    "section": "core"
}