stable
FEDORA-2020-e60ce63865 created by remi 2 years ago for Fedora 32

The phpMyAdmin team announces the release of both 4.9.5 and 5.0.2.

Both versions contain several security fixes:

  • PMASA-2020-2 SQL injection vulnerability in the user accounts page, particularly when changing a password
  • PMASA-2020-3 SQL injection vulnerability relating to the search feature
  • PMASA-2020-4 SQL injection and XSS having to do with displaying results
  • Removing of the "options" field for the external transformation.

There are many other bugs fixes, please see the ChangeLog file included with this release for full details.

How to install

sudo dnf upgrade --refresh --advisory=FEDORA-2020-e60ce63865

This update has been submitted for testing by remi.

2 years ago

This update's test gating status has been changed to 'waiting'.

2 years ago

This update's test gating status has been changed to 'ignored'.

2 years ago

remi edited this update.

2 years ago

remi edited this update.

2 years ago

remi edited this update.

2 years ago
User Icon imabug provided feedback 2 years ago
karma

This update has been pushed to testing.

2 years ago

remi edited this update.

New build(s):

  • phpMyAdmin-5.0.2-2.fc32

Removed build(s):

  • phpMyAdmin-5.0.2-1.fc32

Karma has been reset.

2 years ago

This update has been submitted for testing by remi.

2 years ago
User Icon imabug provided feedback 2 years ago
karma

This update has been pushed to testing.

2 years ago

This update can be pushed to stable now if the maintainer wishes

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
3
Stable by Time
7 days
Dates
submitted
2 years ago
in testing
2 years ago
in stable
2 years ago
modified
2 years ago
BZ#1816097 CVE-2020-10804 phpMyAdmin: SQL injection was found in retrieval of the current username which could result privilege escalation
0
0
BZ#1816100 CVE-2020-10804 phpMyAdmin: SQL vulnerability was found in retrieval of the current username which could result privilege escalation [fedora-all]
0
0
BZ#1816131 CVE-2020-10803 phpMyAdmin: Inserting specially crafted code in database tables, retrieving and displaying resuts could result in XSS
0
0
BZ#1816133 CVE-2020-10803 phpMyAdmin: Inserting specially crafted code in database tables, retrieving and displaying resuts could result in XSS [fedora-all]
0
0
BZ#1816144 CVE-2020-10802 phpMyAdmin: SQL injection was found in generating certain queries for search actions which could result in malicious D M
0
0
BZ#1816146 CVE-2020-10802 phpMyAdmin: SQL injection was found in generating certain queries for search actions which could result in malicious D M [fedora-all]
0
0

Automated Test Results