Bug#774210: unblock: phpmyadmin/4:4.2.12-2
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Please unblock package phpmyadmin
It fixes security bugs, see https://bugs.debian.org/774194
debdiff is attached.
unblock phpmyadmin/4:4.2.12-2
- -- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=cs_CZ.utf8, LC_CTYPE=cs_CZ.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJUonfeAAoJEJwnsxNCt1EdsI8P/jBTOTNLzrcR18+qG2t/5Kn1
AgDXjjD2c90NTMEdWH74SjsCqoTA7yjZJQa46DeIk5pzgFDR49/LGyPBYsdxGkAH
D06/ykK1myCSGmjVOCMA4SyvDSU0quJFdYh8QoBXM/sg2DaDlL2VxWL8C6ulwDvZ
k02kzHdCE1VntTw7zHYMTGUKanTEyEhuFj7MiKfvrGPLcOkZ12KrAWYwPCoVDz2i
hwV0IEve0ptAH/+hXuYnPzQ6qgScOFK2/f7DdXAWApmuHD0SLr7LqEeGZ+v8zJoH
5XonWhHeDBDCajWva+ADD8jxDd046EGaA5gxqlcOQn5Rdzm5LptKkPp/9pxKYbUI
jIqOitySfST/e3A6hs5eSaaE3nTV3uFW+1aC3ShDof0BeMA1cU1bxMmuSfq+eO+s
kEtV+xou7xZnRra2HvTrD4LI+DYQNcYGp1ezan+b6ls3i8RVvtZW4qnonw2bgGda
/kux9xK94NFZVwqIsKufPFnwA3dmzTsTd1XUs3tvRWzdxmwlO5wid2Y1/UY++vfQ
7poFqR3hCmMXuuQZXSpybn4fL3PK3pGuD6UsRWY1zcHtnLMvDLe0bwUh/tGkF4Km
32RPnqB8mQwvKPsXonrzFaKWahZYQ4pJTf80nFmqm3ey4XjIxbSo643IetluGfqH
KW8zz8VPhbW8iCgvFs4H
=j4qh
-----END PGP SIGNATURE-----
diff -Nru phpmyadmin-4.2.12/debian/changelog phpmyadmin-4.2.12/debian/changelog
--- phpmyadmin-4.2.12/debian/changelog 2014-11-22 10:34:32.000000000 +0100
+++ phpmyadmin-4.2.12/debian/changelog 2014-12-30 10:54:34.000000000 +0100
@@ -1,3 +1,11 @@
+phpmyadmin (4:4.2.12-2) unstable; urgency=high
+
+ * Fix security issues (Closes: #774194).
+ - CVE-2014-9219 / PMASA-2014-18 - XSS vulnerability in redirection.
+ - CVE-2014-9218 / PMASA-2014-17 - DoS vulnerability with long passwords.
+
+ -- Michal Čihař <nijel@debian.org> Tue, 30 Dec 2014 10:54:32 +0100
+
phpmyadmin (4:4.2.12-1) unstable; urgency=medium
* New upstrem release.
diff -Nru phpmyadmin-4.2.12/debian/patches/bug-4611-security-DOS-attack-with-long-passwords.patch phpmyadmin-4.2.12/debian/patches/bug-4611-security-DOS-attack-with-long-passwords.patch
--- phpmyadmin-4.2.12/debian/patches/bug-4611-security-DOS-attack-with-long-passwords.patch 1970-01-01 01:00:00.000000000 +0100
+++ phpmyadmin-4.2.12/debian/patches/bug-4611-security-DOS-attack-with-long-passwords.patch 2014-12-30 10:52:09.000000000 +0100
@@ -0,0 +1,80 @@
+From 1ac863c7573d12012374d5d41e5c7dc5505ea6e1 Mon Sep 17 00:00:00 2001
+From: Madhura Jayaratne <madhura.cj@gmail.com>
+Date: Tue, 2 Dec 2014 21:20:59 +0530
+Subject: [PATCH 1/1] bug #4611 [security] DOS attack with long passwords
+
+Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
+---
+ ChangeLog | 1 +
+ libraries/common.inc.php | 5 +++++
+ libraries/plugins/AuthenticationPlugin.class.php | 9 +++++++++
+ libraries/plugins/auth/AuthenticationCookie.class.php | 10 ++++++++++
+ 4 files changed, 25 insertions(+)
+
+diff --git a/libraries/common.inc.php b/libraries/common.inc.php
+index 2227c1e..5cea823 100644
+--- a/libraries/common.inc.php
++++ b/libraries/common.inc.php
+@@ -859,6 +859,9 @@ if (! defined('PMA_MINIMUM_COMMON')) {
+ . ' ' . $cfg['Server']['auth_type']
+ );
+ }
++ if (isset($_REQUEST['pma_password'])) {
++ $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256);
++ }
+ include_once './libraries/plugins/auth/' . $auth_class . '.class.php';
+ // todo: add plugin manager
+ $plugin_manager = null;
+@@ -988,6 +991,8 @@ if (! defined('PMA_MINIMUM_COMMON')) {
+ $controllink = $userlink;
+ }
+
++ $auth_plugin->storeUserCredentials();
++
+ /* Log success */
+ PMA_logUser($cfg['Server']['user']);
+
+diff --git a/libraries/plugins/AuthenticationPlugin.class.php b/libraries/plugins/AuthenticationPlugin.class.php
+index 3ddf55e..7943d2c 100644
+--- a/libraries/plugins/AuthenticationPlugin.class.php
++++ b/libraries/plugins/AuthenticationPlugin.class.php
+@@ -42,6 +42,15 @@ abstract class AuthenticationPlugin extends PluginObserver
+ abstract public function authSetUser();
+
+ /**
++ * Stores user credentials after successful login.
++ *
++ * @return void
++ */
++ public function storeUserCredentials()
++ {
++ }
++
++ /**
+ * User is not allowed to login to MySQL -> authentication failed
+ *
+ * @return boolean
+diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php
+index e21471c..68cb5d4 100644
+--- a/libraries/plugins/auth/AuthenticationCookie.class.php
++++ b/libraries/plugins/auth/AuthenticationCookie.class.php
+@@ -557,6 +557,16 @@ class AuthenticationCookie extends AuthenticationPlugin
+ unset($_SERVER['PHP_AUTH_PW']);
+
+ $_SESSION['last_access_time'] = time();
++ }
++
++ /**
++ * Stores user credentials after successful login.
++ *
++ * @return void
++ */
++ public function storeUserCredentials()
++ {
++ global $cfg;
+
+ $this->createBlowfishIV();
+
+--
+2.1.4
+
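Review bot: The guard in common.inc.php, `if (isset($_REQUEST['pma_password'])) {`, lets a non-string value through: `isset()` is also true when the parameter arrives as an array, and `substr()` on an array raises a warning and yields null, so tighten it to `if (isset($_REQUEST['pma_password']) && is_string($_REQUEST['pma_password'])) {`. The cap `256` is an unexplained constant; a one-line comment naming the reason (the commit subject: bug #4611, long passwords as a DoS vector) would keep the next maintainer from removing it as dead code. In AuthenticationCookie.class.php the new `storeUserCredentials()` opens with `global $cfg;` and its body is the tail of the former authSetUser(), which runs past the end of the hunk, so the diff alone cannot show whether any other local of authSetUser() is still referenced in the moved code — worth checking when applying.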
diff -Nru phpmyadmin-4.2.12/debian/patches/bug-4612-security-XSS-vulnerability-in-redirection-m.patch phpmyadmin-4.2.12/debian/patches/bug-4612-security-XSS-vulnerability-in-redirection-m.patch
--- phpmyadmin-4.2.12/debian/patches/bug-4612-security-XSS-vulnerability-in-redirection-m.patch 1970-01-01 01:00:00.000000000 +0100
+++ phpmyadmin-4.2.12/debian/patches/bug-4612-security-XSS-vulnerability-in-redirection-m.patch 2014-12-30 10:52:13.000000000 +0100
@@ -0,0 +1,39 @@
+From 9b2479b7216dd91a6cc2f231c0fd6b85d457f6e2 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
+Date: Mon, 1 Dec 2014 21:51:59 +0530
+Subject: [PATCH 1/1] bug #4612 [security] XSS vulnerability in redirection
+ mechanism
+
+Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
+---
+ ChangeLog | 3 +++
+ url.php | 6 +++++-
+ 2 files changed, 8 insertions(+), 1 deletion(-)
+
+diff --git a/url.php b/url.php
+index 71efc9f..82b2243 100644
+--- a/url.php
++++ b/url.php
+@@ -11,6 +11,10 @@
+ */
+ define('PMA_MINIMUM_COMMON', true);
+ require_once './libraries/common.inc.php';
++/**
++ * JavaScript escaping.
++ */
++require_once './libraries/js_escape.lib.php';
+
+ if (! PMA_isValid($_GET['url'])
+ || ! preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])
+@@ -24,7 +28,7 @@ if (! PMA_isValid($_GET['url'])
+ // external site.
+ echo "<script type='text/javascript'>
+ window.onload=function(){
+- window.location='" . htmlspecialchars($_GET['url']) . "';
++ window.location='" . PMA_escapeJsString($_GET['url']) . "';
+ }
+ </script>";
+ // Display redirecting msg on screen.
+--
+2.1.4
+
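Review bot: The replacement `window.location='" . PMA_escapeJsString($_GET['url']) . "';` escapes for the JS-string context, which is the right one, but the value is still emitted inside an inline `<script>` element, so the escaping routine must also neutralise a closing `</script>` sequence (by escaping `<` or `/`); that is not visible in this diff, and the preceding whitelist `preg_match('/^https?:\/\/[^\n\r]*$/', $_GET['url'])` only excludes line breaks. If PMA_escapeJsString does not cover that case, emit the value as a JSON literal instead of a hand-quoted string, `window.location=" . json_encode($_GET['url'], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ";`. A comment on the changed line, `// JS-string context: htmlspecialchars() is HTML escaping and does not protect here`, would record why the earlier call was wrong. The `if`/`else` block surrounding the echoed script starts and ends outside the second hunk.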
diff -Nru phpmyadmin-4.2.12/debian/patches/series phpmyadmin-4.2.12/debian/patches/series
--- phpmyadmin-4.2.12/debian/patches/series 2014-11-22 10:34:32.000000000 +0100
+++ phpmyadmin-4.2.12/debian/patches/series 2014-12-30 10:51:50.000000000 +0100
@@ -1,3 +1,5 @@
debian.patch
doc.patch
setup-message.patch
+bug-4611-security-DOS-attack-with-long-passwords.patch
+bug-4612-security-XSS-vulnerability-in-redirection-m.patch