Gentoo: GLSA-201701-32: phpMyAdmin: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details.
Resolution
All phpMyAdmin users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.6.5.1"
References
[ 1 ] CVE-2016-4412 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4412
[ 2 ] CVE-2016-5097 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5097
[ 3 ] CVE-2016-5098 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5098
[ 4 ] CVE-2016-5099 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5099
[ 5 ] CVE-2016-5701 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5701
[ 6 ] CVE-2016-5702 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5702
[ 7 ] CVE-2016-5703 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5703
[ 8 ] CVE-2016-5704 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5704
[ 9 ] CVE-2016-5705 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5705
[ 10 ] CVE-2016-5706 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5706
[ 11 ] CVE-2016-5730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5730
[ 12 ] CVE-2016-5731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5731
[ 13 ] CVE-2016-5732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5732
[ 14 ] CVE-2016-5733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5733
[ 15 ] CVE-2016-5734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5734
[ 16 ] CVE-2016-5739 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5739
[ 17 ] CVE-2016-6606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6606
[ 18 ] CVE-2016-6607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6607
[ 19 ] CVE-2016-6608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6608
[ 20 ] CVE-2016-6609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6609
[ 21 ] CVE-2016-6610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6610
[ 22 ] CVE-2016-6611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6611
[ 23 ] CVE-2016-6612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6612
[ 24 ] CVE-2016-6613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6613
[ 25 ] CVE-2016-6614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6614
[ 26 ] CVE-2016-6615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6615
[ 27 ] CVE-2016-6616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6616
[ 28 ] CVE-2016-6617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6617
[ 29 ] CVE-2016-6618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6618
[ 30 ] CVE-2016-6619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6619
[ 31 ] CVE-2016-6620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6620
[ 32 ] CVE-2016-6622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6622
[ 33 ] CVE-2016-6623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6623
[ 34 ] CVE-2016-6624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6624
[ 35 ] CVE-2016-6625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6625
[ 36 ] CVE-2016-6626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6626
[ 37 ] CVE-2016-6627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6627
[ 38 ] CVE-2016-6628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6628
[ 39 ] CVE-2016-6629 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6629
[ 40 ] CVE-2016-6630 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6630
[ 41 ] CVE-2016-6631 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6631
[ 42 ] CVE-2016-6632 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6632
[ 43 ] CVE-2016-6633 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-6633
[ 44 ] CVE-2016-9847 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9847
[ 45 ] CVE-2016-9848 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9848
[ 46 ] CVE-2016-9849 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9849
[ 47 ] CVE-2016-9850 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9850
[ 48 ] CVE-2016-9851 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9851
[ 49 ] CVE-2016-9852 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9852
[ 50 ] CVE-2016-9853 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9853
[ 51 ] CVE-2016-9854 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9854
[ 52 ] CVE-2016-9855 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9855
[ 53 ] CVE-2016-9856 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9856
[ 54 ] CVE-2016-9857 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9857
[ 55 ] CVE-2016-9858 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9858
[ 56 ] CVE-2016-9859 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9859
[ 57 ] CVE-2016-9860 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9860
[ 58 ] CVE-2016-9861 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9861
[ 59 ] CVE-2016-9862 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9862
[ 60 ] CVE-2016-9863 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9863
[ 61 ] CVE-2016-9864 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9864
[ 62 ] CVE-2016-9865 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9865
[ 63 ] CVE-2016-9866 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9866
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201701-32
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
Synopsis
Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution.
Background
phpMyAdmin is a web-based management tool for MySQL databases.
Affected Packages
-------------------------------------------------------------------
     Package              /     Vulnerable     /         Unaffected
-------------------------------------------------------------------
  1  dev-db/phpmyadmin           < 4.6.5.1               >= 4.6.5.1
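The Affected Packages threshold turned into a check, as an added example that is not part of the GLSA or of Gentoo's tooling: it compares a version string against 4.6.5.1 with a version-aware sort, because a plain string comparison would rank 4.6.10 below 4.6.5.1. The function names and sample inputs are constructed for illustration, and it assumes GNU `sort -V` and plain dotted versions with an optional `-rN` revision.

```shell
#!/bin/sh
# Added example: compare a phpMyAdmin version with the first unaffected
# version from the Affected Packages table (>= 4.6.5.1).
FIXED="4.6.5.1"

# Normalise "dev-db/phpmyadmin-4.6.5-r1" or "4.6.5-r1" to "4.6.5".
# Assumption: plain dotted versions; a Gentoo -rN revision never lowers
# the upstream version, so it is dropped before comparing.
normalize_version() {
    printf '%s\n' "$1" | sed -e 's|^dev-db/phpmyadmin-||' -e 's|-r[0-9]*$||'
}

# Return 0 (true) when the version is below FIXED, i.e. still vulnerable.
is_vulnerable() {
    v=$(normalize_version "$1")
    # Equal to the fixed version: unaffected.
    [ "$v" = "$FIXED" ] && return 1
    # Version-aware sort: whichever sorts first is the older release.
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Classify each argument; print one "<input> <status>" line per version.
classify() {
    for pkg in "$@"; do
        if is_vulnerable "$pkg"; then
            printf '%s VULNERABLE\n' "$pkg"
        else
            printf '%s ok\n' "$pkg"
        fi
    done
}

# Constructed sample inputs (not taken from any real host).
classify dev-db/phpmyadmin-4.6.5 4.6.5.1 4.6.10 dev-db/phpmyadmin-4.6.5.1-r1
```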
Impact
An authenticated remote attacker could exploit these vulnerabilities to
execute arbitrary PHP code, inject SQL code, or conduct Cross-Site
Scripting attacks.
In certain configurations, an unauthenticated remote attacker could
cause a Denial of Service condition.
Workaround
There is no known workaround at this time.