MDVSA-2014:243: phpmyadmin

Multiple vulnerabilities has been discovered and corrected in
phpmyadmin:

libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x
before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to
cause a denial of service (resource consumption) via a long password
(CVE-2014-9218).

Cross-site scripting (XSS) vulnerability in the redirection feature in
url.php in phpMyAdmin 4.2.x before 4.2.13.1 allows remote attackers
to inject arbitrary web script or HTML via the url parameter
(CVE-2014-9219).

This upgrade provides the latest phpmyadmin version (4.2.13.1) to
address these vulnerabilities.

007 Software

MDVSA-2014:243: phpmyadmin

Software and Security Information