Description: The comparison of the XSRF/CSRF token parameter with the value saved in the session is vulnerable to timing attacks. Moreover, the comparison could be bypassed if the XSRF/CSRF token matches a particular pattern.

External References:
https://www.phpmyadmin.net/security/PMASA-2016-5/
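The two weaknesses named in the description, shown as an added example that is not part of the original report and is not phpMyAdmin's code. The report does not say which pattern is involved; the sketch assumes PHP's loose comparison of numeric-looking strings as one way such a bypass can arise, and the function names and sample tokens are hypothetical.

```php
<?php
// Added illustration, not phpMyAdmin code. Function names are hypothetical.

// Weak check: loose comparison. PHP compares two numeric-looking strings as
// numbers, and an ordinary string comparison may stop at the first mismatch.
function token_matches_weak(string $sessionToken, string $submitted): bool
{
    return $sessionToken == $submitted;
}

// Hardened check: require non-empty strings, then use hash_equals(), which
// compares byte for byte and does not return early on the first difference.
function token_matches_strict($sessionToken, $submitted): bool
{
    if (!is_string($sessionToken) || !is_string($submitted) || $sessionToken === '') {
        return false;
    }
    return hash_equals($sessionToken, $submitted);
}

// Constructed sample values; none of them comes from a real session.
$cases = [
    'same token'           => ['a3f1c29b7d0e4456', 'a3f1c29b7d0e4456'],
    'different token'      => ['a3f1c29b7d0e4456', 'a3f1c29b7d0e4457'],
    'numeric-looking pair' => ['0e12345678', '0e87654321'],
    'exponent variant'     => ['100', '1e2'],
];

foreach ($cases as $label => [$stored, $sent]) {
    printf(
        "%-22s weak=%-5s strict=%s\n",
        $label,
        var_export(token_matches_weak($stored, $sent), true),
        var_export(token_matches_strict($stored, $sent), true)
    );
}
```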
Created phpMyAdmin tracking bugs for this issue:
Affects: fedora-all [bug 1302790]
Affects: epel-all [bug 1302791]
phpMyAdmin-4.5.4-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.5.4.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin4-4.0.10.14-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.4.15.4-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
phpMyAdmin-4.0.10.14-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.