phpmyadmin: fix CVE-2015-7873

The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1 and 4.5.x before 4.5.1 allows remote attackers to spoof content via the url parameter. Backport upstream commit to fix it: cd09765675 Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com> Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
2026-01-01 13:58:06 +00:00 · 2015-11-14 04:47:56 -05:00 · 2015-11-14 04:47:56 -05:00 · 239f80a473
commit 239f80a473
parent bd06eeb7a9
2 changed files with 49 additions and 0 deletions
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin/Port-content-spoofing-fix-CVE-2015-7873.patch
@ -0,0 +1,48 @@
+From ae7eae1cc88cbdf2d27a6f10f097ef731823689e Mon Sep 17 00:00:00 2001
+From: Wenzong Fan <wenzong.fan@windriver.com>
+Date: Sat, 14 Nov 2015 02:01:54 -0500
+Subject: [PATCH] Port content spoofing fix
+
+Backport upstream commit for fixing CVE-2015-7873:
+  https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
+
+Upstream-Status: Backport
+
+Signed-off-by: Marc Delisle <marc@infomarc.info>
+Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
+---
+ ChangeLog | 4 ++++
+ url.php   | 3 ++-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/ChangeLog b/ChangeLog
+index 4cb6708..96936c8 100644
+--- a/ChangeLog
+++ b/ChangeLog
+@@ -107,6 +107,10 @@ phpMyAdmin - ChangeLog
+ - issue #11448 Clarify doc about the MemoryLimit directive
+ - issue #11489 Cannot copy a database under certain conditions
+ 
+4.4.15.1 (2015-10-23)
+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
+- issue [security] Content spoofing on url.php
+
+ 4.4.15.0 (not yet released)
+ - issue #11411 Undefined "replace" function on numeric scalar
+ - issue #11421 Stored-proc / routine - broken parameter parsing
+diff --git a/url.php b/url.php
+index eec78a5..9c4c884 100644
+--- a/url.php
+++ b/url.php
+@@ -32,6 +32,7 @@ if (! PMA_isValid($_REQUEST['url'])
+             }
+         </script>";
+     // Display redirecting msg on screen.
+-    printf(__('Taking you to %s.'), htmlspecialchars($_REQUEST['url']));
+    // Do not display the value of $_REQUEST['url'] to avoid showing injected content
+    echo __('Taking you to the target site.');
+ }
+ die();
+-- 
+1.9.1
+
--- a/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
+++ b/meta-webserver/recipes-php/phpmyadmin/phpmyadmin_4.5.0.2.bb
@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=b234ee4d69f5fce4486a80fdaf4a4263 \
                    file://libraries/tcpdf/LICENSE.TXT;md5=5c87b66a5358ebcc495b03e0afcd342c"

 SRC_URI = "https://files.phpmyadmin.net/phpMyAdmin/4.5.0.2/phpMyAdmin-4.5.0.2-all-languages.tar.xz \
+           file://Port-content-spoofing-fix-CVE-2015-7873.patch \
           file://apache.conf"

 SRC_URI[md5sum] = "2d08d2fcc8f70f88a11a14723e3ca275"