Bug 13935

Summary: phpmyadmin new security issues CVE-2014-5273 and CVE-2014-5274
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: rverschelde, sysadmin-bugs, wrw105
Version: 4Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/609185/
Whiteboard: MGA3TOO advisory has_procedure mga4-64-ok mga3-32-ok mga3-64-ok
Source RPM: phpmyadmin-4.1.14.2-1.mga4.src.rpm CVE:
Status comment:

Description David Walser 2014-08-18 23:06:44 CEST 
Upstream has issued advisories on August 17:
http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php

Updated packages uploaded for Mageia 3, Mageia 4, and Cauldron.

Advisory:
========================

Updated phpmyadmin package fixes security vulnerabilities:

In phpMyAdmin before 4.1.14.3, multiple XSS vulnerabilities exist in browse
table, ENUM editor, monitor, query charts and table relations pages
(CVE-2014-5273).

In phpMyAdmin before 4.1.14.3, with a crafted view name it is possible to
trigger an XSS when dropping the view in view operation page (CVE-2014-5274).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5273
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5274
http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-4.1.14.3-1.mga3
phpmyadmin-4.1.14.3-1.mga4

from SRPMS:
phpmyadmin-4.1.14.3-1.mga3.src.rpm
phpmyadmin-4.1.14.3-1.mga4.src.rpm

Reproducible: 

Steps to Reproduce:
David Walser 2014-08-18 23:06:53 CEST

Whiteboard: (none) => MGA3TOO

Comment 1 RĂ©mi Verschelde 2014-08-18 23:23:43 CEST 
Procedure: https://bugs.mageia.org/show_bug.cgi?id=12834#c7

CC: (none) => remi
Whiteboard: MGA3TOO => MGA3TOO has_procedure

Comment 2 Bill Wilkinson 2014-08-19 18:34:29 CEST 
Tested mga4-64 as in the procedure bug:

Version shows correctly.
user added with same name database, table created, user and database deleted
logged out
all OK

CC: (none) => wrw105
Whiteboard: MGA3TOO has_procedure => MGA3TOO has_procedure mga4-64-ok

Comment 3 Bill Wilkinson 2014-08-19 19:51:35 CEST 
tested mga3-32 as above.

No regressions noted.

Whiteboard: MGA3TOO has_procedure mga4-64-ok => MGA3TOO has_procedure mga4-64-ok mga3-32-ok

Comment 4 David Walser 2014-08-20 00:19:36 CEST 
This can be validated once the advisory is uploaded.
Comment 5 Bill Wilkinson 2014-08-20 05:33:21 CEST 
just noticed the ready to validate notice, but I've reinstalled mga3-64, so this seemed like a good "Put it through its paces" thing.  No regressions noted.

Whiteboard: MGA3TOO has_procedure mga4-64-ok mga3-32-ok => MGA3TOO has_procedure mga4-64-ok mga3-32-ok mga3-64-ok

Comment 6 claire robinson 2014-08-20 16:28:07 CEST 
Advisory uploaded. Validating.

Could sysadmin please push to 3 & 4 updates

Thanks

Keywords: (none) => validated_update
Whiteboard: MGA3TOO has_procedure mga4-64-ok mga3-32-ok mga3-64-ok => MGA3TOO advisory has_procedure mga4-64-ok mga3-32-ok mga3-64-ok
CC: (none) => sysadmin-bugs

Comment 7 Mageia Robot 2014-08-21 11:37:16 CEST 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2014-0344.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

David Walser 2014-08-21 20:00:38 CEST

URL: (none) => http://lwn.net/Vulnerabilities/609185/