Bug 18777 - phpmyadmin new security issues fixed upstream in 4.4.15.7
Summary: phpmyadmin new security issues fixed upstream in 4.4.15.7
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL: http://lwn.net/Vulnerabilities/692853/
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK a...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2016-06-23 15:44 CEST by David Walser
Modified: 2016-07-05 17:48 CEST

See Also:
Source RPM: phpmyadmin-4.4.15.6-1.mga5.src.rpm
CVE:
Status comment:



Comment 1 David Walser 2016-06-23 15:57:02 CEST
Actually PMASA-2016-27 only affects you if you're using an ancient PHP version.

Updated packages uploaded for Mageia 5 and Cauldron.

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=12834#c7
https://bugs.mageia.org/show_bug.cgi?id=14208#c6

Advisory:
========================

Updated phpmyadmin package fixes security vulnerabilities:

In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows a
BBCode injection into the setup script when it is not accessed over HTTPS
(CVE-2016-5701).

In phpMyAdmin before 4.4.15.7, a vulnerability was discovered that allows an
SQL injection attack to run arbitrary commands as the control user
(CVE-2016-5703).

In phpMyAdmin before 4.4.15.7, XSS vulnerabilities were discovered in the user
privileges page, the error console, and the central columns, query bookmarks,
and user groups features (CVE-2016-5705).

In phpMyAdmin before 4.4.15.7, a Denial of Service (DoS) attack was discovered
in the way phpMyAdmin loads some JavaScript files (CVE-2016-5706).

In phpMyAdmin before 4.4.15.7, by specially crafting requests in the following
areas, it is possible to trigger phpMyAdmin to display a PHP error message
which contains the full path of the directory where phpMyAdmin is installed
(CVE-2016-5730).

In phpMyAdmin before 4.4.15.7, with a specially crafted request, it is
possible to trigger an XSS attack through the example OpenID authentication
script (CVE-2016-5731).

In phpMyAdmin before 4.4.15.7, XSS vulnerabilities were found through
specially crafted databases, in AJAX error handling, and in the
Transformation, Designer, charts, and zoom search features (CVE-2016-5733).

In phpMyAdmin before 4.4.15.7, a vulnerability was reported where a specially
crafted Transformation could be used to leak information including the
authentication token. This could be used to direct a CSRF attack against a
user (CVE-2016-5739).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5701
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5703
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5705
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5706
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5730
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5731
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5733
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5739
https://www.phpmyadmin.net/security/PMASA-2016-17/
https://www.phpmyadmin.net/security/PMASA-2016-19/
https://www.phpmyadmin.net/security/PMASA-2016-21/
https://www.phpmyadmin.net/security/PMASA-2016-22/
https://www.phpmyadmin.net/security/PMASA-2016-23/
https://www.phpmyadmin.net/security/PMASA-2016-24/
https://www.phpmyadmin.net/security/PMASA-2016-26/
https://www.phpmyadmin.net/security/PMASA-2016-28/
https://www.phpmyadmin.net/news/2016/6/23/phpmyadmin-401016-44157-and-463-are-released/
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-4.4.15.7-1.mga5

from phpmyadmin-4.4.15.7-1.mga5.src.rpm

Assignee: bugsquad => qa-bugs
Whiteboard: (none) => has_procedure
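The advisory above names 4.4.15.7 as the first release carrying all eight fixes, so the practical check on a Mageia 5 host is whether the installed phpmyadmin package is at least that version. The script below is an added example, not part of this bug report or of the phpMyAdmin or Mageia packaging; it parses an RPM name-version-release string such as the ones printed by urpmi in the test log and compares the upstream version component against 4.4.15.7 in plain POSIX sh. The version strings it runs on are constructed from this bug's own log; on a real host they would come from `rpm -q phpmyadmin` (assumed to be available there, not required here).

```shell
#!/bin/sh
# Added example (not from the Mageia bug or the phpMyAdmin project):
# decide whether an installed phpmyadmin package predates the fixed
# upstream release named in the advisory.

FIXED_VERSION="4.4.15.7"   # first release with all PMASA-2016-17..28 fixes

# vercmp A B: prints -1, 0 or 1 when dotted version A is older than,
# equal to, or newer than B. Assumes purely numeric components, which
# holds for phpMyAdmin's 4.4.15.x numbering; a missing component
# counts as 0, so 4.4.15 < 4.4.15.7.
vercmp() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
        ax="${ax:-0}"; bx="${bx:-0}"
        if [ "$ax" -lt "$bx" ]; then printf '%s\n' -1; return 0; fi
        if [ "$ax" -gt "$bx" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# package_version NVR: extract the upstream version from an RPM
# name-version[-release[.arch]] string, e.g.
#   phpmyadmin-4.4.15.6-1.mga5.noarch -> 4.4.15.6
package_version() {
    nvr="$1"
    # strip the release and architecture (everything after the last '-')
    nvr="${nvr%-*}"
    # the version is what follows the last '-' of the remaining name-version
    printf '%s\n' "${nvr##*-}"
}

# is_fixed VERSION: succeeds (exit 0) when VERSION >= FIXED_VERSION.
is_fixed() {
    [ "$(vercmp "$1" "$FIXED_VERSION")" -ge 0 ]
}

# Constructed sample input, copied from the package names in this bug's
# test log. On a Mageia host you would use: installed="$(rpm -q phpmyadmin)"
for installed in phpmyadmin-4.4.15.6-1.mga5.noarch phpmyadmin-4.4.15.7-1.mga5.noarch; do
    v="$(package_version "$installed")"
    if is_fixed "$v"; then
        echo "$installed: $v >= $FIXED_VERSION, carries the advisory's fixes"
    else
        echo "$installed: $v < $FIXED_VERSION, update from core/updates_testing"
    fi
done
```

The comparison is deliberately component-wise rather than a string compare, because "4.4.15.10" would otherwise sort before "4.4.15.7"; the release tag (`-1.mga5`) is dropped since only the upstream version decides whether the fixes are present.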

Comment 2 William Kenney 2016-06-27 16:34:40 CEST
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.25-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.6-1.mga5.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.25-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.7-1.mga5.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
I can access db's test01 & test02

CC: (none) => wilcal.int

Comment 3 William Kenney 2016-06-27 16:53:34 CEST
In VirtualBox, M5, KDE, 64-bit

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.25-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.6-1.mga5.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.25-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.7-1.mga5.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
I can access db's test01 & test02

Comment 4 William Kenney 2016-06-27 16:54:41 CEST
Good to go David. This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs

David Walser 2016-06-28 00:16:14 CEST

URL: (none) => http://lwn.net/Vulnerabilities/692853/

Dave Hodgins 2016-07-04 08:43:04 CEST

CC: (none) => davidwhodgins
Whiteboard: has_procedure MGA5-32-OK MGA5-64-OK => has_procedure MGA5-32-OK MGA5-64-OK advisory

Comment 5 Mageia Robot 2016-07-05 17:48:15 CEST
An update for this issue has been pushed to the Mageia Updates repository.

http://advisories.mageia.org/MGASA-2016-0240.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

