106 lines
3.9 KiB
JSON
106 lines
3.9 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20142060",
|
|
"Version": "oval:org.altlinux.errata:def:20142060",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2014-2060: package `phpMyAdmin` update to version 4.2.8-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch c10f1"
|
|
],
|
|
"Products": [
|
|
"ALT SP Workstation",
|
|
"ALT SP Server"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2014-2060",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2060",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-5273",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-5273",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2014-5274",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-5274",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades phpMyAdmin to version 4.2.8-alt1. \nSecurity Fix(es):\n\n * CVE-2014-5273: Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.\n\n * CVE-2014-5274: Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2014-09-02"
|
|
},
|
|
"Updated": {
|
|
"Date": "2014-09-02"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2014-5273",
|
|
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
|
"CWE": "CWE-79",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-5273",
|
|
"Impact": "Low",
|
|
"Public": "20140822"
|
|
},
|
|
{
|
|
"ID": "CVE-2014-5274",
|
|
"CVSS": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
|
"CWE": "CWE-79",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-5274",
|
|
"Impact": "Low",
|
|
"Public": "20140822"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:spworkstation:10",
|
|
"cpe:/o:alt:spserver:10"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:4001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142060001",
|
|
"Comment": "phpMyAdmin is earlier than 0:4.2.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142060002",
|
|
"Comment": "phpMyAdmin-apache is earlier than 0:4.2.8-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20142060003",
|
|
"Comment": "phpMyAdmin-apache2 is earlier than 0:4.2.8-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |