Bug 17402

Summary: phpmyadmin new security issue CVE-2015-8669
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: QA Team <qa-bugs>
Status: RESOLVED FIXED QA Contact: Sec team <security>
Severity: normal    
Priority: Normal CC: davidwhodgins, sysadmin-bugs, wilcal.int, wrw105
Version: 5Keywords: validated_update
Target Milestone: ---   
Hardware: i586   
OS: Linux   
URL: http://lwn.net/Vulnerabilities/669753/
Whiteboard: has_procedure mga5-32-ok mga5-64-ok advisory
Source RPM: phpmyadmin-4.2.13.3-1.2.mga5.src.rpm CVE:
Status comment:

Description David Walser 2015-12-26 13:33:23 CET 
Upstream has issued an advisory on December 25:
https://www.phpmyadmin.net/security/PMASA-2015-6/

Updated package uploaded for Cauldron.

Patched package uploaded for Mageia 5.

Advisory:
========================

Updated phpmyadmin package fixes security vulnerability:

By calling some scripts that are part of phpMyAdmin in an unexpected way, it
is possible to trigger phpMyAdmin to display a PHP error message which
contains the full path of the directory where phpMyAdmin is installed
(CVE-2015-8669).

References:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8669
https://www.phpmyadmin.net/security/PMASA-2015-6/
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-4.2.13.3-1.3.mga5

from phpmyadmin-4.2.13.3-1.3.mga5.src.rpm

Reproducible: 

Steps to Reproduce:
Comment 1 David Walser 2015-12-26 13:33:36 CET 
Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=12834#c7
https://bugs.mageia.org/show_bug.cgi?id=14208#c6

Whiteboard: (none) => has_procedure

Comment 2 Bill Wilkinson 2015-12-31 17:21:38 CET 
Tested mga5-64.

Created user with database, created table, entered values, viewed table, deleted user and dropped user's database, all OK.

CC: (none) => wrw105
Whiteboard: has_procedure => has_procedure mga5-64-ok

David Walser 2015-12-31 20:05:54 CET

URL: (none) => http://lwn.net/Vulnerabilities/669753/

Comment 3 William Kenney 2015-12-31 23:10:47 CET 
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.22-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.2.13.3-1.2.mga5.noarch is already installed

start mysqladmin, set password, open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.22-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.2.13.3-1.3.mga5.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
open test01
open test02

install mariadb from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.2.13.3-1.3.mga5.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test03. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
open test01
open test02
open test03

CC: (none) => wilcal.int

Comment 4 William Kenney 2015-12-31 23:11:58 CET 
Happy New Year. This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
Whiteboard: has_procedure mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok

Dave Hodgins 2016-01-05 22:11:51 CET

Whiteboard: has_procedure mga5-32-ok mga5-64-ok => has_procedure mga5-32-ok mga5-64-ok advisory
CC: (none) => davidwhodgins

Comment 5 Mageia Robot 2016-01-09 18:18:06 CET 
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0002.html

Resolution: (none) => FIXED
Status: NEW => RESOLVED