--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2020-43d8624421
2020-10-23 22:01:02.260657
--------------------------------------------------------------------------------

Name        : phpMyAdmin
Product     : Fedora 33
Version     : 5.0.3
Release     : 1.fc33
URL         : https://www.phpmyadmin.net/
Summary     : A web interface for MySQL and MariaDB
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in 50 languages.

--------------------------------------------------------------------------------
Update Information:

**Version 5.0.3** (2020-10-09)

- issue #15983 Require twig ^2.9
- issue Fix option to import files locally appearing as not available
- issue #16048 Fix to allow NULL as a default bit value
- issue #16062 Fix "htmlspecialchars() expects parameter 1 to be string, null given" on Export xml
- issue #16078 Fix no charts in monitor when using a decimal separator ","
- issue #16041 Fix IN(...) clause doesn't permit multiple values on "Search" page
- issue #14411 Support double tap to edit on mobile
- issue #16043 Fix php error "Use of undefined constant MYSQLI_TYPE_JSON" when using the mysqlnd extension
- issue #14611 Fix fatal JS error on index creation after using Enter key to submit the form
- issue #16012 Set "axis-order" to swap lon and lat on MySQL >= 8.1
- issue #16104 Fixed overwriting a bookmarked query causes a PHP fatal error
- issue Fix typo in a condition in the Sql class
- issue #15996 Fix local setup doc links pointing to a wrong location
- issue #16093 Fix error importing utf-8 with bom sql file
- issue #16089 2FA UX enhancement: autofocus 2FA input
- issue #16127 Fix table column description PHP error when ['DisableIS'] = true;
- issue #16130 Fix local documentation links display when a PHP extension is missing
- issue Fix some twig code deprecations for php 8
- issue Fix ENUM and SET display when editing procedures and functions
- issue Keep full query state on "auto refresh" process list
- issue Keep columns order on "auto refresh" process list
- issue Fixed editing a failed query from the error message
- issue #16166 Fix the alter user privileges query to make it MySQL 8.0.11+ compatible
- issue Fix copy table to another database when the nbr of DBs is > $cfg['MaxDbList']
- issue #16157 Fix relations of tables having spaces or special chars not showing in the Designer
- issue #16052 Fix a very rare JS error occurring on mousemove event
- issue #16162 Make a foreign key link clickable in a new tab after the value was saved and replaced
- issue #16163 Fixed a PHP notice "Undefined index: column_info" on views
- issue #14478 Fix the data stream when exporting data in file mode
- issue #16184 Fix templates/ directory not found error
- issue #16184 Remove chdir logic to fix PHP fatal error "Uncaught TypeError: chdir()"
- issue Support for Twig 3
- issue Allow phpmyadmin/twig-i18n-extension ^3.0
- issue #16201 Trim spaces for integer values in table search
- issue #16076 Fixed cannot edit or export TIMESTAMP column with default CURRENT_TIMESTAMP in MySQL >= 8.0.13
- issue #16226 Fix error 500 after copying a table
- issue #16222 Fixed can't use the search page when the table name has special characters
- issue #16248 Fix zoom search is not performing input validation on INT columns
- issue #16248 Fix javascript error when typing in INT fields on zoom search page
- issue Fix type errors when using saved searches
- issue #16261 Fix missing headings on modals of "User Accounts -> Export"
- issue #16146 Fixed sorting did not keep the selector of number of rows
- issue #16194 Fixed SQL query does not appear in case of editing view where definer is not you on MySQL 8
- issue #16255 Fix tinyint(1) shown as INT on Search page
- issue #16256 Fix "Warning: error_reporting() has been disabled for security reasons" on php 7.x
- issue #15367 Fix "Change or reconfigure primary server" link
- issue #15367 Fix first replica links, start, stop, ignore links
- issue #16058 Add "PMA_single_signon_HMAC_secret" for signon auths to make special links work and update examples
- issue #16269 Support ReCaptcha v2 checkbox width "$cfg['CaptchaMethod'] = 'checkbox';"
- issue #14644 Use Doctum instead of Sami
- issue #16086 Fix "Browse" headings shift when scrolling
- issue #15328 Fix no message after import of zipped shapefile without php-zip
- issue #14326 Fix PHP error when exporting without php-zip
- issue #16318 Fix Profiling doesn't sum the number of calls
- issue #16319 Fixed a Russian translation mistake on search results total text
- issue #15634 Only use session_set_cookie_params once on PHP >= 7.3.0 versions for single signon auth
- issue #14698 Fixed database named as 'New' (language variable) causes PHP fatal error
- issue #16355 Make textareas both sides resizable
- issue #16366 Fix column definition form not showing default value
- issue #16342 Fixed multi-table query (db_multi_table_query.php) alias show the same alias for all columns
- issue #15109 Fixed using ST_GeomFromText + GUI on insert throws an error
- issue #16325 Fixed editing Geometry data throws error on using the GUI
- issue [security] Fix XSS vulnerability with the transformation feature (**PMASA-2020-5, CVE-2020-26934**)
- issue [security] Fix SQL injection vulnerability with search feature (**PMASA-2020-6, CVE-2020-26935**)
--------------------------------------------------------------------------------
ChangeLog:

* Sat Oct 10 2020 Remi Collet  - 5.0.3-1
- update to 5.0.3 (2020-10-10, security release)
- raise dependency on twig 2.9 and allow v3
- allow phpmyadmin/twig-i18n-extension v3
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1887249 - CVE-2020-26934 phpmyadmin: XSS relating to the transformation feature
        https://bugzilla.redhat.com/show_bug.cgi?id=1887249
  [ 2 ] Bug #1887253 - CVE-2020-26935 phpmyadmin: SQL injection vulnerability in SearchController
        https://bugzilla.redhat.com/show_bug.cgi?id=1887253
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-43d8624421' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------

