Bug 635212 (CVE-2017-1000013, CVE-2017-1000014, CVE-2017-1000015, CVE-2017-1000017, CVE-2017-1000018) - dev-db/phpmyadmin: Multiple vulnerabilities
Summary: dev-db/phpmyadmin: Multiple vulnerabilities
Status: RESOLVED DUPLICATE of bug 614522
Alias: CVE-2017-1000013, CVE-2017-1000014, CVE-2017-1000015, CVE-2017-1000017, CVE-2017-1000018
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
URL: https://www.phpmyadmin.net/security/
Whiteboard: ~3 [ebuild cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-23 19:05 UTC by GLSAMaker/CVETool Bot
Modified: 2017-10-27 14:44 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2017-10-23 19:05:46 UTC
CVE-2017-1000018 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000018):
  phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS attack in the
  replication status by using a specially crafted table name

CVE-2017-1000017 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000017):
  phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with
  appropriate permissions is able to connect to an arbitrary MySQL server

CVE-2017-1000015 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000015):
  phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a CSS injection attack
  through crafted cookie parameters

CVE-2017-1000014 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000014):
  phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to a DOS weakness in the table
  editing functionality

CVE-2017-1000013 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-1000013):
  phpMyAdmin 4.0, 4.4, and 4.6 are vulnerable to an open redirect weakness
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-23 19:06:47 UTC
@Maintainer, could you please confirm if 4.0.x is vulnerable? In that case please call for stabilization when ready.

Thank you
Comment 2 Jorge Manuel B. S. Vicetto (RETIRED) Gentoo Infrastructure gentoo-dev 2017-10-27 10:00:18 UTC
This bug is a duplicate of bug 614522.
This was all addressed 6 months ago.
Comment 3 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-27 14:44:58 UTC
Thank you for the info, Jorge.

*** This bug has been marked as a duplicate of bug 614522 ***