FEDORA-2016-e1fe01e96e created by robert 3 years ago for Fedora 22
stable

phpMyAdmin 4.5.4 (2016-01-28)

  • live data edit of big sets is not working
  • Table list not saved in db QBE bookmarked search
  • While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword
  • Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars
  • Properly handle errors in unpacking zip archive
  • Set PHP's internal encoding to UTF-8
  • Fixed Kanji encoding in some specific cases
  • Check whether iconv works before using it
  • Avoid conversion of MySQL error messages
  • Undefined index: parameters
  • Undefined index: field_name_orig
  • Undefined index: host
  • 'Add to central columns' (per column button) does nothing
  • SQL duplicate entry error trying to INSERT in designer_settings table
  • Fix handling of databases with dot in a name
  • Fix hiding of page content behind menu
  • FROM clause not generated after loading search bookmark
  • Fix creating/editing VIEW with DEFINER containing special chars
  • Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables
  • Misleading message for configuration storage
  • Table pagination does nothing when session expired
  • Index comments not working properly
  • Better handle local storage errors
  • Improve detection of privileges for privilege adjusting
  • Undefined property: stdClass::$releases at version check when disabled in config
  • SQL comment and variable stripped from bookmark on save
  • Gracefully handle errors in regex based javascript search
  • [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
  • [Security] Unsafe generation of CSRF token, see PMASA-2016-2
  • [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
  • [Security] Insecure password generation in JavaScript, see PMASA-2016-4
  • [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
  • [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
  • [Security] XSS vulnerability in normalization page, see PMASA-2016-7
  • [Security] Full path disclosure vulnerability in SQL parser, see PMASA-2016-8
  • [Security] XSS vulnerability in SQL editor, see PMASA-2016-9

How to install

sudo dnf upgrade --advisory=FEDORA-2016-e1fe01e96e

This update has been submitted for testing by robert.

3 years ago
flo commented & provided feedback 3 years ago

looks fine for me

robert edited this update.

3 years ago

This update has been pushed to testing.

3 years ago

This update has been submitted for stable by bodhi.

3 years ago

This update has been pushed to stable.

3 years ago

Metadata
Type: security
Severity: high
Karma: 1
Signed
Content Type: RPM
Test Gating

Settings
Unstable by Karma: -3
Stable by Karma: 1

Dates
submitted: 3 years ago
in testing: 3 years ago
in stable: 3 years ago
modified: 3 years ago

BZ#1302676 CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
BZ#1302677 CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
BZ#1302679 CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
BZ#1302680 CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
BZ#1302681 CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
BZ#1302682 CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)
BZ#1302684 CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7)
BZ#1302685 CVE-2016-2044 phpMyAdmin: Full path disclosure vulnerability in SQL parser (PMASA-2016-8)
BZ#1302686 CVE-2016-2045 phpMyAdmin: XSS vulnerability in SQL editor (PMASA-2016-9)
BZ#1302790 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [fedora-all]