FEDORA-2016-e1fe01e96e

security update in Fedora 22 for phpMyAdmin

Status: stable 3 years ago

phpMyAdmin 4.5.4 (2016-01-28)

  • live data edit of big sets is not working
  • Table list not saved in db QBE bookmarked search
  • While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword
  • Avoid syntax error in JavaScript messages on invalid PHP setting for max_input_vars
  • Properly handle errors in unpacking zip archive
  • Set PHP's internal encoding to UTF-8
  • Fixed Kanji encoding in some specific cases
  • Check whether iconv works before using it
  • Avoid conversion of MySQL error messages
  • Undefined index: parameters
  • Undefined index: field_name_orig
  • Undefined index: host
  • 'Add to central columns' (per column button) does nothing
  • SQL duplicate entry error trying to INSERT in designer_settings table
  • Fix handling of databases with dot in a name
  • Fix hiding of page content behind menu
  • FROM clause not generated after loading search bookmark
  • Fix creating/editing VIEW with DEFINER containing special chars
  • Do not invoke FLUSH PRIVILEGES when the server is running with --skip-grant-tables
  • Misleading message for configuration storage
  • Table pagination does nothing when session expired
  • Index comments not working properly
  • Better handle local storage errors
  • Improve detection of privileges for privilege adjusting
  • Undefined property: stdClass::$releases at version check when disabled in config
  • SQL comment and variable stripped from bookmark on save
  • Gracefully handle errors in regex based JavaScript search
  • [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
  • [Security] Unsafe generation of CSRF token, see PMASA-2016-2
  • [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
  • [Security] Insecure password generation in JavaScript, see PMASA-2016-4
  • [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
  • [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
  • [Security] XSS vulnerability in normalization page, see PMASA-2016-7
  • [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
  • [Security] XSS vulnerability in SQL editor, see PMASA-2016-9

How to install

sudo dnf upgrade --advisory=FEDORA-2016-e1fe01e96e

Comments 6

This update has been submitted for testing by robert.

looks fine for me

karma: +1

robert edited this update.

This update has been pushed to testing.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.



Content Type: RPM
Status: stable
Test Gating
Submitted by
Update Type: security
Update Severity: high
Karma: +1 (stable threshold: 1, unstable threshold: -3)
Autopush: Enabled
Dates: submitted 3 years ago, in testing 3 years ago, in stable 3 years ago, modified 3 years ago

Related Bugs 10

  • #1302676 CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
  • #1302677 CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
  • #1302679 CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
  • #1302680 CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
  • #1302681 CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
  • #1302682 CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)
  • #1302684 CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7)
  • #1302685 CVE-2016-2044 phpMyAdmin: Full path disclosure vulnerability in SQL parser (PMASA-2016-8)
  • #1302686 CVE-2016-2045 phpMyAdmin: XSS vulnerability in SQL editor (PMASA-2016-9)
  • #1302790 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [fedora-all]