Linux Security
    Linux Security
    Linux Security

    Fedora 32: phpMyAdmin 2020-4e78c86902

    Date
    161
    Posted By
    **Version 5.0.3** (2020-10-09) - issue #15983 Require twig ^2.9 - issue Fix option to import files locally appearing as not available - issue #16048 Fix to allow NULL as a default bit value - issue #16062 Fix "htmlspecialchars() expects parameter 1 to be string, null given" on Export xml - issue #16078 Fix no charts in monitor when using a decimal separator "," - issue #16041 Fix
    --------------------------------------------------------------------------------
    Fedora Update Notification
    FEDORA-2020-4e78c86902
    2020-10-19 16:56:49.452622
    --------------------------------------------------------------------------------
    
    Name        : phpMyAdmin
    Product     : Fedora 32
    Version     : 5.0.3
    Release     : 1.fc32
    URL         : https://www.phpmyadmin.net/
    Summary     : A web interface for MySQL and MariaDB
    Description :
    phpMyAdmin is a tool written in PHP intended to handle the administration of
    MySQL over the Web. Currently it can create and drop databases,
    create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
    manage keys on fields, manage privileges,export data into various formats and
    is available in 50 languages
    
    --------------------------------------------------------------------------------
    Update Information:
    
    **Version 5.0.3** (2020-10-09)  - issue #15983 Require twig ^2.9 - issue
    Fix option to import files locally appearing as not available - issue #16048 Fix
    to allow NULL as a default bit value - issue #16062 Fix "htmlspecialchars()
    expects parameter 1 to be string, null given" on Export xml - issue #16078 Fix
    no charts in monitor when using a decimal separator "," - issue #16041 Fix
    IN(...) clause doesn't permit multiple values on "Search" page - issue #14411
    Support double tap to edit on mobile - issue #16043 Fix php error "Use of
    undefined constant MYSQLI_TYPE_JSON" when using the mysqlnd extension - issue
    #14611 Fix fatal JS error on index creation after using Enter key to submit the
    form - issue #16012 Set "axis-order" to swap lon and lat on MySQL >= 8.1 - issue
    #16104 Fixed overwriting a bookmarked query causes a PHP fatal error - issue
    Fix typo in a condition in the Sql class - issue #15996 Fix local setup doc
    links pointing to a wrong location - issue #16093 Fix error importing utf-8 with
    bom sql file - issue #16089 2FA UX enhancement: autofocus 2FA input - issue
    #16127 Fix table column description PHP error when ['DisableIS'] = true; - issue
    #16130 Fix local documentation links display when a PHP extension is missing -
    issue        Fix some twig code deprecations for php 8 - issue        Fix ENUM
    and SET display when editing procedures and functions - issue        Keep full
    query state on "auto refresh" process list - issue        Keep columns order on
    "auto refresh" process list - issue        Fixed editing a failed query from the
    error message - issue #16166 Fix the alter user privileges query to make it
    MySQL 8.0.11+ compatible - issue        Fix copy table to another database when
    the nbr of DBs is > $cfg['MaxDbList'] - issue #16157 Fix relations of tables
    having spaces or special chars not showing in the Designer - issue #16052 Fix a
    very rare JS error occuring on mousemove event - issue #16162 Make a foreign key
    link clickable in a new tab after the value was saved and replaced - issue
    #16163 Fixed a PHP notice "Undefined index: column_info" on views - issue #14478
    Fix the data stream when exporting data in file mode - issue #16184 Fix
    templates/ directory not found error - issue #16184 Remove chdir logic to fix
    PHP fatal error "Uncaught TypeError: chdir()" - issue        Support for Twig 3
    - issue        Allow phpmyadmin/twig-i18n-extension ^3.0 - issue #16201 Trim
    spaces for integer values in table search - issue #16076 Fixed cannot edit or
    export TIMESTAMP column with default CURRENT_TIMESTAMP in MySQL >= 8.0.13 -
    issue #16226 Fix error 500 after copying a table - issue #16222 Fixed can't use
    the search page when the table name has special characters - issue #16248 Fix
    zoom search is not performing input validation on INT columns - issue #16248 Fix
    javascript error when typing in INT fields on zoom search page - issue
    Fix type errors when using saved searches - issue #16261 Fix missing headings on
    modals of "User Accounts -> Export" - issue #16146 Fixed sorting did not keep
    the selector of number of rows - issue #16194 Fixed SQL query does not appear in
    case of editing view where definer is not you on MySQL 8 - issue #16255 Fix
    tinyint(1) shown as INT on Search page - issue #16256 Fix "Warning:
    error_reporting() has been disabled for security reasons" on php 7.x - issue
    #15367 Fix "Change or reconfigure primary server" link - issue #15367 Fix first
    replica links, start, stop, ignore links - issue #16058 Add
    "PMA_single_signon_HMAC_secret" for signon auths to make special links work and
    udate examples - issue #16269 Support ReCaptcha v2 checkbox width
    "$cfg['CaptchaMethod'] = 'checkbox';" - issue #14644 Use Doctum instead of Sami
    - issue #16086 Fix "Browse" headings shift when scrolling - issue #15328 Fix no
    message after import of zipped shapefile without php-zip - issue #14326 Fix PHP
    error when exporting without php-zip - issue #16318 Fix Profiling doesn't sum
    the number of calls - issue #16319 Fixed a Russian translation mistake on search
    results total text - issue #15634 Only use session_set_cookie_params once on PHP
    >= 7.3.0 versions for single signon auth - issue #14698 Fixed database named as
    'New' (language variable) causes PHP fatal error - issue #16355 Make textareas
    both sides resizable - issue #16366 Fix column definition form not showing
    default value - issue #16342 Fixed multi-table query (db_multi_table_query.php)
    alias show the same alias for all columns - issue #15109 Fixed using
    ST_GeomFromText + GUI on insert throws an error - issue #16325 Fixed editing
    Geometry data throws error on using the GUI - issue        [security] Fix XSS
    vulnerability with the transformation feature (**PMASA-2020-5, CVE-2020-26934**)
    - issue        [security] Fix SQL injection vulnerability with search feature
    (**PMASA-2020-6, CVE-2020-26935**)
    --------------------------------------------------------------------------------
    ChangeLog:
    
    * Sat Oct 10 2020 Remi Collet  - 5.0.3-1
    - update to 5.0.3 (2020-10-10, security release)
    - raise dependency on twig 2.9 and allow v3
    - allow phpmyadmin/twig-i18n-extension v3
    --------------------------------------------------------------------------------
    References:
    
      [ 1 ] Bug #1887249 - CVE-2020-26934 phpmyadmin: XSS relating to the transformation feature
            https://bugzilla.redhat.com/show_bug.cgi?id=1887249
      [ 2 ] Bug #1887253 - CVE-2020-26935 phpmyadmin: SQL injection vulnerability in SearchController
            https://bugzilla.redhat.com/show_bug.cgi?id=1887253
    --------------------------------------------------------------------------------
    
    This update can be installed with the "dnf" update program. Use
    su -c 'dnf upgrade --advisory FEDORA-2020-4e78c86902' at the command
    line. For more information, refer to the dnf documentation available at
    https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
    
    All packages are signed with the Fedora Project GPG key. More details on the
    GPG keys used by the Fedora Project can be found at
    https://fedoraproject.org/keys
    --------------------------------------------------------------------------------
    _______________________________________________
    package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it.
    To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it.
    Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
    List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
    List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it.
    

    LinuxSecurity Poll

    I agree with Linus Torvalds - Apple's new M1-powered laptops should run on Linux.

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 2 answer(s).
    /main-polls/45-i-agree-with-linus-torvalds-apple-s-new-m1-powered-laptops-should-run-on-linux?task=poll.vote&format=json
    45
    radio
    [{"id":"158","title":"True","votes":"8","type":"x","order":"1","pct":100,"resources":[]},{"id":"159","title":"False","votes":"0","type":"x","order":"2","pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350

    Please vote first in order to view vote results.


    VIEW MORE POLLS

    bottom 200

    Please enable / Bitte aktiviere JavaScript!
    Veuillez activer / Por favor activa el Javascript![ ? ]

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.