
Fedora 34: FEDORA-2022-2c0eaa6992 Critical Path Disclosure in phpMyAdmin

fedora
February 19, 2022
phpMyAdmin 5.1.3 fixes a path disclosure issue and includes a few other minor bug fixes.

Summary

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in 50 languages.

**phpMyAdmin 5.1.3** - 2022-02-11

This version primarily addresses a regression that caused the navigation pane to not function correctly when multiple pages of tables were shown. Version 5.1.3 includes a security hardening improvement. The issue, reported by Rafael Pedrero, could allow users to cause an error that would reveal the path on disk where phpMyAdmin is running from. We believe this requires the server to be running with display_errors on, which is not the recommended setting for a production environment. Version 5.1.3 includes a few other minor bug fixes and is recommended for all users.

Changelog:

- issue #17308 Fix broken pagination links in the navigation sidebar
- issue #17331 Fix MariaDB has no support for system variable "disabled_storage_engines"
- issue #17315 Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query
- issue #17288 Fixed importing browser settings question box after login when having no pmadb
- issue #17288 Fix "First day of calendar" user override has no effect
- issue #17239 Fixed repeating headers are not working
- issue #17298 Fixed import of email-addresses or links from ODS results in empty contents
- issue #17344 Fixed a type error on ODS import with non string values
- issue #17239 Fixed header row show/hide columns buttons on each line after hover are shown on each row
- issue **[security]** Fix for path disclosure under certain server configurations (if display_errors is on, for instance)

* Fri Feb 11 2022 Remi Collet - 5.1.3-1
- update to 5.1.3 (2022-02-10, security and bugfix release)

To install this update, run su -c 'dnf upgrade --advisory FEDORA-2022-2c0eaa6992' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
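The release notes tie the path disclosure to two conditions: a phpMyAdmin version older than 5.1.3 and PHP running with display_errors on. The following check is an added example, not part of the Fedora advisory or the phpMyAdmin project; its function names and the sample php.ini content are constructed for illustration, and it reads a single ini file only.

```bash
#!/bin/sh
# Added example: classify a host against the two conditions in this advisory.

# Print the last display_errors value set in a php.ini-style file
# ("unset" if absent). ';' starts a comment; later assignments win.
effective_display_errors() {
    awk -F= '
        /^[ \t]*;/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            if (tolower(key) == "display_errors") {
                val = $2; sub(/;.*/, "", val); gsub(/[ \t\r"]/, "", val)
                last = tolower(val); seen = 1
            }
        }
        END { print (seen ? last : "unset") }
    ' "$1"
}

# Exit 0 when version $1 sorts strictly before $2 (uses sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# assess <phpMyAdmin version> <php.ini path> prints one of:
# EXPOSED (old + errors shown), UPDATE (old), HARDEN (errors shown), OK.
assess() {
    case "$(effective_display_errors "$2")" in
        off|0|false|no|none|"") shown=no ;;
        *) shown=yes ;;  # "unset" counts as on: PHP's built-in default is "1"
    esac
    if version_lt "$1" 5.1.3; then
        [ "$shown" = yes ] && echo EXPOSED || echo UPDATE
    else
        [ "$shown" = yes ] && echo HARDEN || echo OK
    fi
}

# Constructed sample: commented default, a dev value, a production override.
sample=$(mktemp)
printf '%s\n' '[PHP]' ';display_errors = On' 'display_errors = On' \
    'display_errors = Off ; production' > "$sample"
assess 5.1.1 "$sample"    # UPDATE
assess 5.1.3 "$sample"    # OK
rm -f "$sample"
```

On a Fedora host the inputs would be the output of `rpm -q --qf '%{VERSION}' phpMyAdmin` and `/etc/php.ini`. Drop-in files under /etc/php.d and PHP-FPM pool settings can override the main file, so confirm the effective value in the web SAPI itself.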


Severity: critical

Product: Fedora 34
Version: 5.1.3
Release: 1.fc34
Summary: A web interface for MySQL and MariaDB
