Fedora 36: 2023-0334c6000a Critical: pgAdmin4 URL Redirect Risk

fedora

February 2, 2023

Update to pgadmin4-6.19

Summary

pgAdmin is the most popular and feature rich Open Source administration and development

platform for PostgreSQL, the most advanced Open Source database in the world.

Update to pgadmin4-6.19. ---- Backport fix for CVE-2023-22298.

* Thu Jan 19 2023 Sandro Mani - 6.19-1

- Update to 6.19

* Wed Jan 18 2023 Benjamin A. Beasley - 6.18-3

- Allow Flask-Migrate 4.x

* Tue Jan 3 2023 Sandro Mani - 6.18-2

- Backport fix for CVE-2021-35065 for bundled glob-parent

* Tue Jan 3 2023 Sandro Mani - 6.18-1

- Update to 6.18

- Update bundled mozjpeg (#2155769)

* Thu Dec 8 2022 Sandro Mani - 6.17-2

- Fix python-azure-mgmt-rdbms-10.2.0~b5+ compatibility

* Wed Dec 7 2022 Sandro Mani - 6.17-1

- Update to 6.17

* Sun Nov 27 2022 Sandro Mani - 6.16-2

- Fix incorrect path to log folder in pgadmin4-httpd

* Sat Nov 19 2022 Sandro Mani - 6.16-1

- Update to 6.16

* Tue Nov 15 2022 Sandro Mani - 6.15-3

- Fix window icon on Wayland

* Thu Nov 10 2022 Sandro Mani - 6.15-2

- Re-add pgadmin4_username.patch

* Tue Nov 8 2022 Sandro Mani - 6.15-1

- Update to 6.15

* Tue Oct 4 2022 Sandro Mani - 6.14-2

- Re-add pgadmin4_username.patch

* Fri Sep 23 2022 Sandro Mani - 6.14-1

- Update to 6.14

[ 1 ] Bug #2161638 - CVE-2023-22298 pgadmin4: Open URL Redirect Vulnerability [fedora-36]

https://bugzilla.redhat.com/show_bug.cgi?id=2161638

[ 2 ] Bug #2163692 - CVE-2023-0241 pgadmin4: directory traversal vulnerability [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=2163692

su -c 'dnf upgrade --advisory FEDORA-2023-0334c6000a' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam, report it:

Topics Covered

security advisory Fedora administration tool backport fix pgAdmin URL redirect

Change Log

References

Update Instructions

Severity

critical

Lowest

Low

Medium

High

Critical

Product: Fedora 36

Version: 6.19

Release: 1.fc36

URL: https://www.pgadmin.org/

Summary: Administration tool for PostgreSQL

Topics Covered

security advisory Fedora administration tool backport fix pgAdmin URL redirect

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Fedora 36: 2023-0334c6000a Critical: pgAdmin4 URL Redirect Risk

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Fedora 36: 2023-0334c6000a Critical: pgAdmin4 URL Redirect Risk

Summary

Topics Covered

Change Log

References

Update Instructions

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!