FEDORA-2018-f2b24ce26e created by remi a year ago for Fedora 28
stable

Upstream announcement:

Security fix: phpMyAdmin 4.8.3 is released

The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.2. Among other bug fixes, this contains a security fix for an issue that can be exploited when importing files.

A flaw was discovered with how warning messages are displayed while importing a file. This attack requires a specially-crafted file but can allow an attacker to trick the user in to executing a cross-site scripting (XSS) attack. We recommend updating immediately to mitigate this attack.

In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

  • An error where a database is named 0
  • Fix for NULL as default not being shown
  • Fix for recent tables list
  • Fix for slow performance with table filtering
  • Two-factor authentication (2FA) fails if the GD PHP library is missing
  • Event scheduler toggle does not work
  • ERR_BLOCKED_BY_XSS_AUDITOR error when exporting a table
  • PHP 7.3 warning: "continue" in "switch" is equal to "break"

And several more. Complete notes are in the ChangeLog file included with this release.

How to install

sudo dnf upgrade --advisory=FEDORA-2018-f2b24ce26e

This update has been submitted for testing by remi.

a year ago

remi edited this update.

a year ago
User Icon imabug provided feedback a year ago
karma

This update has been pushed to testing.

a year ago

This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes

a year ago

This update has been submitted for batched by remi.

a year ago

This update has been submitted for stable by remi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
modified
a year ago
BZ#1620288 CVE-2018-15605 phpMyAdmin: XSS in the import dialog
0
0

Automated Test Results