FEDORA-EPEL-2016-2a457c3d5b

security update in Fedora EPEL 5 for phpMyAdmin4

Status: stable 3 years ago

phpMyAdmin 4.0.10.14 (2016-01-29)

  • Error with PMA 4.0.10.13 with PHP 5.2

phpMyAdmin 4.0.10.13 (2016-01-28)

  • [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
  • [Security] Unsafe generation of CSRF token, see PMASA-2016-2
  • [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
  • [Security] Insecure password generation in JavaScript, see PMASA-2016-4
  • [Security] Unsafe comparison of CSRF token, see PMASA-2016-5

How to install

sudo dnf upgrade --advisory=FEDORA-EPEL-2016-2a457c3d5b

Comments 12

This update has been submitted for testing by robert.

nijel, RHEL/CentOS 5 ships PHP >= 5.3. May you please explain why you reference a PHP 5.2 related issue here without any further comment?

There will be soon followup release fixing that, so it might be good idea to postpone testing and wait for it...

robert edited this update.

robert edited this update.

New build(s):

  • phpMyAdmin4-4.0.10.14-1.el5

Removed build(s):

  • phpMyAdmin4-4.0.10.13-1.el5

This update has been submitted for testing by robert.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for stable by robert.

This update has been pushed to stable.

Content Type
RPM
Status
stable
Test Gating
Submitted by
Update Type
security
Update Severity
high
Karma
0
stable threshold: 1
unstable threshold: -3
Autopush
Enabled
Dates
submitted 3 years ago
in testing 3 years ago
in stable 3 years ago
modified 3 years ago

Related Bugs 6

00 #1302676 CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
00 #1302677 CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
00 #1302679 CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
00 #1302680 CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
00 #1302681 CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
00 #1302791 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [epel-all]

Automated Test Results