From b12220887e7eabab269666d7a929211eacefcdb7 Mon Sep 17 00:00:00 2001 From: Wenzong Fan Date: Sat, 14 Nov 2015 04:47:56 -0500 Subject: phpmyadmin: fix CVE-2015-7873 The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Backport upstream commit to fix it: https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 Signed-off-by: Wenzong Fan Signed-off-by: Martin Jansa --- .../Port-content-spoofing-fix-CVE-2015-7873.patch | 48 ++++++++++++++++++++++ .../recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb | 1 + 2 files changed, 49 insertions(+) create mode 100644 meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch (limited to 'meta-webserver') diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch new file mode 100644 index 000000000..1e6bcbda5 --- /dev/null +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch @@ -0,0 +1,48 @@ +From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001 +From: Wenzong Fan +Date: Sat, 14 Nov 2015 02:01:54 -0500 +Subject: [PATCH] Port content spoofing fix + +Backport upstream commit for fixing CVE-2015-7873: + https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706 + +Upstream-Status: Backport + +Signed-off-by: Marc Delisle +Signed-off-by: Wenzong Fan +--- + ChangeLog | 4 ++++ + url.php | 3 ++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/ChangeLog b/ChangeLog +index 4cb6708..96936c8 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog + - issue #11448 Clarify doc about the MemoryLimit directive + - issue #11489 Cannot copy a database under certain conditions + ++4.4.15.1 (2015-10-23) ++- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system ++- issue [security] Content spoofing on url.php ++ + 4.4.15.0 (not yet released) + - issue #11411 Undefined "replace" function on numeric scalar + - issue #11421 Stored-proc / routine - broken parameter parsing +diff --git a/url.php b/url.php +index eec78a5..9c4c884 100644 +--- a/url.php ++++ b/url.php +@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url']) + } + "; + // Display redirecting msg on screen. +- printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url'])); ++ // Do not display the value of $_REQUEST['url'] to avoid showing injected content ++ echo __('Taking you to the target site.'); + } + die(); +-- +1.9.1 + diff --git a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb index e28b66a23..9297d0c23 100644 --- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb +++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \ file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c" SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \ + file://Port-content-spoofing-fix-CVE-2015-7873.patch \ file://apache.conf" SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275" -- cgit v1.2.3-54-g00ecf