ALT-BU-2014-2954-1
Branch sisyphus update bulletin.
Package phpMyAdmin updated to version 4.2.8-alt1 for branch sisyphus in task 128874.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-5273
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) browse table page, related to js/sql.js; (2) ENUM editor page, related to js/functions.js; (3) monitor page, related to js/server_status_monitor.js; (4) query charts page, related to js/tbl_chart.js; or (5) table relations page, related to libraries/tbl_relation.lib.php.
- openSUSE-SU-2014:1069
- openSUSE-SU-2014:1069
- 60397
- 60397
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-8.php
- https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614
- https://github.com/phpmyadmin/phpmyadmin/commit/2c45d7caa614afd71dbe3d0f7270f51ce5569614
- https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821
- https://github.com/phpmyadmin/phpmyadmin/commit/3ffc967fb60cf2910cc2f571017e977558c67821
- https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb
- https://github.com/phpmyadmin/phpmyadmin/commit/647c9d12e33a6b64e1c3ff7487f72696bdf2dccb
- https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb
- https://github.com/phpmyadmin/phpmyadmin/commit/90ddeecf60fc029608b972e490b735f3a65ed0cb
- https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c
- https://github.com/phpmyadmin/phpmyadmin/commit/cd9f302bf7f91a160fe7080f9a612019ef847f1c
Modified: 2024-11-21
CVE-2014-5274
Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted view name, related to js/functions.js.
- openSUSE-SU-2014:1069
- openSUSE-SU-2014:1069
- 60397
- 60397
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
- http://www.phpmyadmin.net/home_page/security/PMASA-2014-9.php
- https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f
- https://github.com/phpmyadmin/phpmyadmin/commit/0cd293f5e13aa245e4a57b8d373597cc0e421b6f
Closed vulnerabilities
Modified: 2024-11-21
CVE-2014-4611
Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715.
- http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
- http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
- http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
- http://fastcompression.blogspot.fr/2014/06/debunking-lz4-20-years-old-bug-myth.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206204a1162b995e2185275167b22468c00d6b36
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=206204a1162b995e2185275167b22468c00d6b36
- openSUSE-SU-2014:0924
- openSUSE-SU-2014:0924
- 59567
- 59567
- 59770
- 59770
- 60238
- 60238
- http://twitter.com/djrbliss/statuses/484931749013495809
- http://twitter.com/djrbliss/statuses/484931749013495809
- http://twitter.com/djrbliss/statuses/485042901399789568
- http://twitter.com/djrbliss/statuses/485042901399789568
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.15.2
- [oss-security] 20140626 LMS-2014-06-16-5: Linux Kernel LZ4
- [oss-security] 20140626 LMS-2014-06-16-5: Linux Kernel LZ4
- 1030491
- 1030491
- https://bugzilla.redhat.com/show_bug.cgi?id=1112436
- https://bugzilla.redhat.com/show_bug.cgi?id=1112436
- https://code.google.com/p/lz4/issues/detail?id=52
- https://code.google.com/p/lz4/issues/detail?id=52
- https://code.google.com/p/lz4/source/detail?r=118
- https://code.google.com/p/lz4/source/detail?r=118
- https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36
- https://github.com/torvalds/linux/commit/206204a1162b995e2185275167b22468c00d6b36
- [hadoop-common-dev] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-dev] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210928 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- [hadoop-common-issues] 20210928 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- [hadoop-common-commits] 20210924 [hadoop] branch branch-3.2 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
- [hadoop-common-commits] 20210924 [hadoop] branch branch-3.2 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
- [hadoop-common-issues] 20210921 [jira] [Comment Edited] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210921 [jira] [Comment Edited] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210921 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210921 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210924 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- [hadoop-common-issues] 20210924 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- [hadoop-common-issues] 20210920 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210920 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-commits] 20210924 [hadoop] branch branch-3.2.3 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
- [hadoop-common-commits] 20210924 [hadoop] branch branch-3.2.3 updated: HADOOP-17917. Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611. Contributed by Brahma Reddy Battula.
- [hadoop-common-issues] 20210920 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210920 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210921 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210921 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210916 [jira] [Created] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210916 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210916 [jira] [Updated] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which Address CVE-2014-4611
- [hadoop-common-issues] 20210924 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- [hadoop-common-issues] 20210924 [jira] [Commented] (HADOOP-17917) Backport HADOOP-15993 to branch-3.2 which address CVE-2014-4611
- https://www.securitymouse.com/lms-2014-06-16-5
- https://www.securitymouse.com/lms-2014-06-16-5
- https://www.securitymouse.com/lms-2014-06-16-6
- https://www.securitymouse.com/lms-2014-06-16-6
Modified: 2024-11-21
CVE-2014-5146
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by invoking these operations, which process every page assigned to a guest, a different vulnerability than CVE-2014-5149.
- FEDORA-2014-9472
- FEDORA-2014-9472
- FEDORA-2014-9493
- FEDORA-2014-9493
- openSUSE-SU-2015:0226
- openSUSE-SU-2015:0226
- openSUSE-SU-2015:0256
- openSUSE-SU-2015:0256
- 69198
- 69198
- 1030723
- 1030723
- http://xenbits.xen.org/xsa/advisory-97.html
- http://xenbits.xen.org/xsa/advisory-97.html
- xen-cve20145146-dos(95234)
- xen-cve20145146-dos(95234)
- GLSA-201504-04
- GLSA-201504-04
Modified: 2024-11-21
CVE-2014-5147
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of service (host crash) via a crafted 32-bit process.
Modified: 2024-11-21
CVE-2014-5148
Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an instruction that is associated with faults in 64-bit userspace, which allows local guest users to cause a denial of service (crash) and possibly gain privileges via a crafted process.