FEDORA-EPEL-2016-5aba523f53 created by robert 4 years ago for Fedora EPEL 7
stable

phpMyAdmin 4.4.15.4 (2016-01-29)

  • Error with PMA 4.4.15.3
  • Remove hard dependency on phpseclib

phpMyAdmin 4.4.15.3 (2016-01-28)

  • [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-1
  • [Security] Unsafe generation of CSRF token, see PMASA-2016-2
  • [Security] Multiple XSS vulnerabilities, see PMASA-2016-3
  • [Security] Insecure password generation in JavaScript, see PMASA-2016-4
  • [Security] Unsafe comparison of CSRF token, see PMASA-2016-5
  • [Security] Multiple full path disclosure vulnerabilities, see PMASA-2016-6
  • [Security] XSS vulnerability in normalization page, see PMASA-2016-7

This update has been submitted for testing by robert.

4 years ago
User Icon robert commented & provided feedback 4 years ago

nijel, RHEL/CentOS 7 ships PHP >= 5.3. May you please explain why you reference a PHP 5.2 related issue here without any further comment?

User Icon nijel commented & provided feedback 4 years ago

This is different issue than with 4.0.10.13 :-). Not PHP version specific at all.

User Icon robert commented & provided feedback 4 years ago

This package does neither ship phpseclib - nor depend on it. Are you sure this update is affected?

User Icon nijel commented & provided feedback 4 years ago

The bug is in way how phpseclib is called (it's required twice in a same script) so it doesn't matter if you use external library.

robert edited this update.

4 years ago

robert edited this update.

New build(s):

  • phpMyAdmin-4.4.15.4-1.el7

Removed build(s):

  • phpMyAdmin-4.4.15.3-1.el7
4 years ago

This update has been submitted for testing by robert.

4 years ago

This update has been pushed to testing.

4 years ago

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

4 years ago

This update has been submitted for stable by robert.

4 years ago

This update has been pushed to stable.

4 years ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
0
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
disabled
Dates
submitted
4 years ago
in testing
4 years ago
in stable
4 years ago
modified
4 years ago
BZ#1302676 CVE-2016-2038 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-1)
0
0
BZ#1302677 CVE-2016-2039 phpMyAdmin: Unsafe generation of XSRF/CSRF token (PMASA-2016-2)
0
0
BZ#1302679 CVE-2016-2040 phpMyAdmin: Multiple XSS vulnerabilities (PMASA-2016-3)
0
0
BZ#1302680 CVE-2016-1927 phpMyAdmin: Insecure password generation in JavaScript (PMASA-2016-4)
0
0
BZ#1302681 CVE-2016-2041 phpMyAdmin: Unsafe comparison of XSRF/CSRF token (PMASA-2016-5)
0
0
BZ#1302682 CVE-2016-2042 phpMyAdmin: Multiple full path disclosure vulnerabilities (PMASA-2016-6)
0
0
BZ#1302684 CVE-2016-2043 phpMyAdmin: XSS vulnerability in normalization page (PMASA-2016-7)
0
0
BZ#1302791 CVE-2016-2038 CVE-2016-2039 CVE-2016-2040 CVE-2016-1927 CVE-2016-2041 CVE-2016-2043 CVE-2016-2044 CVE-2016-2045 phpmyadmin: various flaws [epel-all]
0
0

Automated Test Results