[v2.7] phpmyadmin: multiple issues (CVE-2014-4987 CVE-2014-4986 CVE-2014-4955 CVE-2014-4954)
CVE-2014-4987:
An unprivileged user could view the MySQL user list and manipulate the
tabs displayed in phpMyAdmin for them. This vulnerability can be
triggered only by someone who is logged in to phpMyAdmin, as the usual
token protection prevents non-logged-in users from accessing the
required pages. Moreover, the configuration storage must be set up for
the user groups feature.
Affected Versions: versions 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6); so only Alpine Linux v3.0 is affected.
Solution: upgrade to phpMyAdmin 4.1.14.2 or newer, or 4.2.6 or newer, or
apply the patch:
4.2 branch:
https://github.com/phpmyadmin/phpmyadmin/commit/395265e9937beb21134626c01a21f44b28e712e5
4.1 branch:
https://github.com/phpmyadmin/phpmyadmin/commit/45550b8cff06ad128129020762f9b53d125a6934
References: http://www.phpmyadmin.net/home_page/security/PMASA-2014-7.php
CVE-2014-4986:
With a crafted column name it is possible to trigger an XSS when
dropping the column in table structure page. With a crafted table name
it is possible to trigger an XSS when dropping or truncating the table
in table operations page. This vulnerability can be triggered only by
someone who is logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required pages.
Affected Versions: versions 4.0.x (prior to 4.0.10.1), 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6); so Alpine Linux v3.0, v2.7, v2.6 are affected.
Solution: upgrade to phpMyAdmin 4.0.10.1 or newer, or 4.1.14.2 or newer,
or 4.2.6 or newer, or apply the patch:
4.2 branch:
https://github.com/phpmyadmin/phpmyadmin/commit/29a1f56495a7d1d98da31a614f23c0819a606a4d
4.1 branch:
https://github.com/phpmyadmin/phpmyadmin/commit/cd5697027a2ee7e1f7d7000b23be6051cdb0516c
4.0 branch:
https://github.com/phpmyadmin/phpmyadmin/commit/a92753bd65e1f8b72c46ed3dda6c362628e0daf7
References: http://www.phpmyadmin.net/home_page/security/PMASA-2014-6.php
CVE-2014-4955:
When navigating into the database triggers page, it is possible to
trigger an XSS with a crafted trigger name. This vulnerability can be
triggered only by someone who is logged in to phpMyAdmin, as the usual
token protection prevents non-logged-in users from accessing the
required page.
Affected Versions: versions 4.0.x (prior to 4.0.10.1), 4.1.x (prior to 4.1.14.2) and 4.2.x (prior to 4.2.6); so Alpine Linux v3.0, v2.7, v2.6 are affected.
Solution: upgrade to phpMyAdmin 4.0.10.1 or newer, or 4.1.14.2 or newer,
or 4.2.6 or newer, or apply the patch:
4.2 branch:
https://github.com/phpmyadmin/phpmyadmin/commit/10014d4dc596b9e3a491bf04f3e708cf1887d5e1
4.1 branch:
https://github.com/phpmyadmin/phpmyadmin/commit/511c596b175889b8e6b9c423e352ca64fa20af2b
4.0 branch:
https://github.com/phpmyadmin/phpmyadmin/commit/1b5592435617fa1b9dd68e2dc263de64c69fdc8a
References: http://www.phpmyadmin.net/home_page/security/PMASA-2014-5.php
CVE-2014-4954:
With a crafted table comment, it is possible to trigger an XSS in
database structure page. This vulnerability can be triggered only by
someone who is logged in to phpMyAdmin, as the usual token protection
prevents non-logged-in users from accessing the required page.
Affected Versions: versions 4.2.x (prior to 4.2.6); so only Alpine Linux v3.0 is affected.
Solution: upgrade to phpMyAdmin 4.2.6 or newer, or apply the patch: https://github.com/phpmyadmin/phpmyadmin/commit/57475371a5b515c83bfc1bb2efcdf3ddb14787ed
References: http://www.phpmyadmin.net/home_page/security/PMASA-2014-4.php
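The four advisories above each list a different set of affected branches and fixed versions, which makes it easy to misjudge which CVEs a given installed package still carries. The following is an added example, not code from the Alpine issue or from the phpMyAdmin project: it encodes the affected ranges exactly as stated above and reports, for a version string such as the one printed by `apk info phpmyadmin` (the `-rN` package revision suffix is an Alpine convention and is assumed to be safe to strip), which of the four CVEs remain open. Branches not named in an advisory (for example 3.x or 4.3.x) are treated as not listed, not as verified safe.

```python
"""Map a phpMyAdmin version to the PMASA-2014-4..7 CVEs it is still open to.

Added example; the ranges below are transcribed from the advisory text above.
"""
import re

# Per CVE: branch -> first fixed version in that branch (as a tuple).
# A branch missing from a CVE's dict is not listed as affected by it.
FIXED = {
    "CVE-2014-4987": {"4.1": (4, 1, 14, 2), "4.2": (4, 2, 6)},
    "CVE-2014-4986": {"4.0": (4, 0, 10, 1), "4.1": (4, 1, 14, 2), "4.2": (4, 2, 6)},
    "CVE-2014-4955": {"4.0": (4, 0, 10, 1), "4.1": (4, 1, 14, 2), "4.2": (4, 2, 6)},
    "CVE-2014-4954": {"4.2": (4, 2, 6)},
}


def parse_version(version):
    """Turn '4.2.5-r0' or '4.1.14.2' into a tuple of ints.

    Anything after the leading dotted-numeric part (e.g. Alpine's '-r0'
    package revision, assumed here to carry no upstream meaning) is ignored.
    """
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError("not a phpMyAdmin version string: %r" % version)
    return tuple(int(part) for part in m.group(1).split("."))


def open_cves(version):
    """Return the sorted list of CVEs from the advisories above that still
    affect the given version.

    Python compares tuples lexicographically, so (4, 1, 14) < (4, 1, 14, 2)
    and 4.1.14 is correctly reported as older than the 4.1.14.2 fix.
    """
    v = parse_version(version)
    branch = "%d.%d" % (v[0], v[1] if len(v) > 1 else 0)
    affected = []
    for cve, fixed_by_branch in FIXED.items():
        fix = fixed_by_branch.get(branch)
        if fix is not None and v < fix:
            affected.append(cve)
    return sorted(affected)


if __name__ == "__main__":
    # Constructed sample inputs; the last one mirrors the version the Alpine
    # changeset below upgraded the 4.0 branch to.
    for sample in ("4.2.5-r0", "4.1.14.1", "4.0.10", "4.0.10.1-r0", "4.2.6"):
        print(sample, "->", open_cves(sample) or "none of PMASA-2014-4..7")
```

Running this against the version shipped by each Alpine branch reproduces the "so Alpine Linux vX is affected" lines above; a 4.0.x result that names only CVE-2014-4986 and CVE-2014-4955 is expected, since the other two advisories do not list the 4.0 branch.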
(from redmine: issue id 3200, created on 2014-07-21, closed on 2014-07-24)
- Relations:
- parent #3198 (closed)
- Changesets:
- Revision b3ec9f20 by Natanael Copa on 2014-07-22T08:56:44Z:
main/phpmyadmin: security upgrade to 4.0.10.1 (CVE-2014-4986,CVE-2014-4955)
fixes #3200