[ MDVSA-2015:186 ] phpmyadmin

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:186
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : phpmyadmin
 Date    : March 31, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability has been discovered and corrected in phpmyadmin:
 
 libraries/select_lang.lib.php in phpMyAdmin 4.0.x before 4.0.10.9,
 4.2.x before 4.2.13.2, and 4.3.x before 4.3.11.1 includes invalid
 language values in unknown-language error responses that contain
 a CSRF token and may be sent with HTTP compression, which makes it
 easier for remote attackers to conduct a BREACH attack and determine
 this token via a series of crafted requests (CVE-2015-2206).
 
 This upgrade provides the latest phpmyadmin version (4.2.13.2

007 Software

[ MDVSA-2015:186 ] phpmyadmin

Leave a Reply Cancel reply

Software and Security Information