
Fedora 40: UPDATE - phpMyAdmin 5.2.2 critical XSS and DoS issues

Distribution: Fedora
Published: January 31, 2025
Fedora 40 has released phpMyAdmin 5.2.2-1.fc40 (advisory FEDORA-2025-c17ef0f176), a security and bugfix update that addresses several vulnerabilities, including cross-site scripting (XSS) flaws in the Check Tables feature and the Insert tab, and a denial of service (DoS) in the bundled sql-parser.

Summary

phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges, export data into various formats and is available in 50 languages.

Update Information:

phpMyAdmin 5.2.2 is released. Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below.

* fix possible security issue in sql-parser which could cause long execution times that could create a DoS attack (thanks to Maximilian Krög)
* fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird)
* fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela)
* fix possible security issue with library code slim/psr7 (CVE-2023-30536)
* fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
* fix a full path disclosure in the Monitoring tab (issue #18268)
* fix UI issue when the theme manager is disabled
* allow opening server breadcrumb links in a new tab with the Ctrl/Meta key (issue #19141)
* add cookie prefix '__Secure-' to cookies to help prevent cookie smuggling (issue #18106)
* fix renaming...


Change Log

* Wed Jan 22 2025 Remi Collet - 5.2.2-1 - update to 5.2.2 (2025-01-21, security and bugfix release)

References


[ 1 ] Bug #2328680 - CVE-2023-44270 phpMyAdmin: Improper input validation in PostCSS [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2328680
[ 2 ] Bug #2331101 - CVE-2024-55565 phpMyAdmin: nanoid mishandles non-integer values [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2331101
[ 3 ] Bug #2334290 - CVE-2024-56522 phpMyAdmin: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2334290
[ 4 ] Bug #2334295 - CVE-2024-56519 phpMyAdmin: setSVGStyles does not sanitize the SVG font-family attribute [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2334295
[ 5 ] Bug #2334299 - CVE-2024-56521 phpMyAdmin: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-40]
      https://bugzilla.redhat.com/show_bug.cgi?id=2334299
[ 6 ] Bug #2334343 - CVE-2024-56527 phpMy...


Update Instructions

This update can be installed with the "dnf" update program. At the command line, run:

    su -c 'dnf upgrade --advisory FEDORA-2025-c17ef0f176'

For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
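As an added example (not code from the Fedora advisory or the phpMyAdmin project), the POSIX sh script below checks whether the installed phpMyAdmin RPM is older than the fixed build 5.2.2-1.fc40 named on this page and, when run with --apply, executes the advisory upgrade from the instructions above. The function names vercmp_dotted, pma_needs_update and main, and the --apply flag, are this example's own; rpm -q --qf and dnf upgrade --advisory are the real tools. The version comparison is written in plain sh so it can also be run off-host against inventory data, without sort -V or rpmdev-vercmp.

```shell
#!/bin/sh
# Added example, not code from the Fedora advisory or the phpMyAdmin project.
# Checks whether the installed phpMyAdmin RPM is older than the fixed build
# 5.2.2-1.fc40 and, when run with --apply, installs advisory FEDORA-2025-c17ef0f176.
# Pure POSIX sh: no sort -V or rpmdev-vercmp needed, so the comparison can be
# run anywhere (e.g. over a fleet inventory) and not only on the Fedora host.

# Compare two dot-separated numeric strings such as 5.2.2 and 5.2.10.
# Prints -1, 0 or 1 for a<b, a=b, a>b; missing components count as 0.
vercmp_dotted() {
    a=$1
    b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        ah=${a%%.*}
        if [ "$ah" = "$a" ]; then a=''; else a=${a#*.}; fi
        bh=${b%%.*}
        if [ "$bh" = "$b" ]; then b=''; else b=${b#*.}; fi
        if [ "${ah:-0}" -lt "${bh:-0}" ]; then printf '%s\n' -1; return 0; fi
        if [ "${ah:-0}" -gt "${bh:-0}" ]; then printf '%s\n' 1; return 0; fi
    done
    printf '%s\n' 0
}

# $1 = installed, $2 = required, both VERSION-RELEASE strings as printed by
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' phpMyAdmin      (e.g. 5.2.1-3.fc40)
# Prints yes when the installed build is older than the required one, else no.
# The release is compared by its leading number only (the 3 in 3.fc40), which
# is sufficient when both strings come from the same Fedora release.
pma_needs_update() {
    iv=${1%%-*}
    if [ "$iv" = "$1" ]; then ir=0; else ir=${1#*-}; ir=${ir%%.*}; fi
    rv=${2%%-*}
    if [ "$rv" = "$2" ]; then rr=0; else rr=${2#*-}; rr=${rr%%.*}; fi
    case $(vercmp_dotted "$iv" "$rv") in
        -1) printf '%s\n' yes ;;
         1) printf '%s\n' no ;;
         0) if [ "$ir" -lt "$rr" ]; then printf '%s\n' yes; else printf '%s\n' no; fi ;;
    esac
}

# Query the local RPM database and report; install only when --apply is given.
# On a host without rpm (e.g. a workstation reviewing the advisory) it says so
# and returns 0, so the functions above remain usable on their own.
main() {
    required='5.2.2-1.fc40'      # Version-Release of the fixed Fedora 40 build
    advisory='FEDORA-2025-c17ef0f176'
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm not found on this host; nothing to check"
        return 0
    fi
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' phpMyAdmin 2>/dev/null) || {
        echo "phpMyAdmin is not installed"
        return 0
    }
    if [ "$(pma_needs_update "$installed" "$required")" = yes ]; then
        echo "phpMyAdmin $installed is older than $required: advisory $advisory applies"
        if [ "${1:-}" = --apply ]; then
            su -c "dnf upgrade --advisory $advisory"
        else
            echo "re-run with --apply to install it"
        fi
    else
        echo "phpMyAdmin $installed already includes the fix"
    fi
}

main "$@"
```

After the upgrade, rpm -q phpMyAdmin should report version 5.2.2 release 1.fc40, matching the package details listed on this page; a web instance also needs its PHP-FPM or httpd workers restarted (or opcache reset) before the new code is actually served.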

Severity
Critical

Name: phpMyAdmin
Product: Fedora 40
Version: 5.2.2
Release: 1.fc40
Summary: A web interface for MySQL and MariaDB
