openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:4125-1
Rating:             moderate
References:         #1119245 
Cross-References:   CVE-2018-19968 CVE-2018-19969 CVE-2018-19970
                   
Affected Products:
                    SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for phpMyAdmin fixes security issues and bugs.

   Security issues addressed in the 4.8.4 release (bsc#1119245):

   - CVE-2018-19968: Local file inclusion through transformation feature
   - CVE-2018-19969: XSRF/CSRF vulnerability
   - CVE-2018-19970: XSS vulnerability in navigation tree

   This update also contains the following upstream bug fixes and
   improvements:

   - Ensure that database names with a dot ('.') are handled properly when
     DisableIS is true
   - Fix for message "Error while copying database (pma__column_info)"
   - Move operation causes "SELECT * FROM `undefined`" error
   - When logging with $cfg['AuthLog'] to syslog, successful login messages
     were not logged when $cfg['AuthLogSuccess'] was true
   - Multiple errors and regressions with Designer


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Package Hub for SUSE Linux Enterprise 12:

      zypper in -t patch openSUSE-2018-1547=1



Package List:

   - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

      phpMyAdmin-4.8.4-32.1


References:

   https://www.suse.com/security/cve/CVE-2018-19968.html
   https://www.suse.com/security/cve/CVE-2018-19969.html
   https://www.suse.com/security/cve/CVE-2018-19970.html
   https://bugzilla.suse.com/1119245

--

openSUSE: 2018:4125-1: moderate: phpMyAdmin

December 14, 2018
An update that fixes three vulnerabilities is now available.

Description

This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release (bsc#1119245): - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update also contains the following upstream bug fixes and improvements: - Ensure that database names with a dot ('.') are handled properly when DisableIS is true - Fix for message "Error while copying database (pma__column_info)" - Move operation causes "SELECT * FROM `undefined`" error - When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged when $cfg['AuthLogSuccess'] was true - Multiple errors and regressions with Designer

 

Patch

Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Package Hub for SUSE Linux Enterprise 12: zypper in -t patch openSUSE-2018-1547=1


Package List

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch): phpMyAdmin-4.8.4-32.1


References

https://www.suse.com/security/cve/CVE-2018-19968.html https://www.suse.com/security/cve/CVE-2018-19969.html https://www.suse.com/security/cve/CVE-2018-19970.html https://bugzilla.suse.com/1119245--


Severity
Announcement ID: openSUSE-SU-2018:4125-1
Rating: moderate
Affected Products: SUSE Package Hub for SUSE Linux Enterprise 12

Related News

4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
30.Lock Globe Motherboard Esm H320
1 - 2 min read
The SPDX 3.0 release marks a significant milestone in software management, particularly for Linux admins, infosec professionals, internet security
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved