phpMyAdmin was updated to version 4.4.15.8 (2016-08-16) to fix the
following issues:
- Upstream changelog for 4.4.15.8:
* Improve session cookie code for openid.php and signon.php example files
* Full path disclosure in openid.php and signon.php example files
* Unsafe generation of BlowfishSecret (when not supplied by the user)
* Referrer leak when phpinfo is enabled
* Use HTTPS for wiki links
* Improve SSL certificate handling
* Fix full path disclosure in debugging code
* Administrators could trigger SQL injection attack against users
- other fixes
* Remove Swekey support
- Security fixes: https://www.phpmyadmin.net/security/
* Weaknesses with cookie encryption see PMASA-2016-29 (CVE-2016-6606,
CWE-661)
* Multiple XSS vulnerabilities see PMASA-2016-30 (CVE-2016-6607, CWE-661)
* Multiple XSS vulnerabilities see PMASA-2016-31 (CVE-2016-6608, CWE-661)
* PHP code injection see PMASA-2016-32...
Patch Instructions:
To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- openSUSE Leap 42.1:
zypper in -t patch openSUSE-2016-1021=1
- openSUSE 13.2:
zypper in -t patch openSUSE-2016-1021=1
To bring your system up-to-date, use "zypper patch".
- openSUSE Leap 42.1 (noarch):
phpMyAdmin-4.4.15.8-25.1
- openSUSE 13.2 (noarch):
phpMyAdmin-4.4.15.8-39.1
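To confirm after patching that a host is at the fixed release listed above, a check like the following can be used. It is an added example, not part of the openSUSE advisory: the function names are hypothetical, and it assumes GNU `sort -V` ordering is adequate for these plain numeric version-release strings (it is not RPM's own comparison and ignores epochs).

```shell
#!/bin/sh
# Fixed version-release per product, taken from this advisory's package list.
fixed_release_for() {
    case "$1" in
        "openSUSE Leap 42.1") echo "4.4.15.8-25.1" ;;
        "openSUSE 13.2")      echo "4.4.15.8-39.1" ;;
        *) return 1 ;;
    esac
}

# version_ge A B: succeeds when A >= B under GNU `sort -V` ordering.
# Assumption: good enough for numeric strings like the ones above.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# check_phpmyadmin PRODUCT INSTALLED_VERSION_RELEASE
# Returns 0 (at or above fixed release), 1 (older), 2 (product not in advisory).
check_phpmyadmin() {
    fixed=$(fixed_release_for "$1") || { echo "unknown product: $1"; return 2; }
    if version_ge "$2" "$fixed"; then
        echo "OK: phpMyAdmin $2 >= $fixed"
    else
        echo "NEEDS PATCH: phpMyAdmin $2 < $fixed"
        return 1
    fi
}

# On a live host, feed it the installed package's version-release:
#   check_phpmyadmin "openSUSE Leap 42.1" \
#       "$(rpm -q --qf '%{VERSION}-%{RELEASE}' phpMyAdmin)"
```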
https://www.suse.com/security/cve/CVE-2016-6606.html
https://www.suse.com/security/cve/CVE-2016-6607.html
https://www.suse.com/security/cve/CVE-2016-6608.html
https://www.suse.com/security/cve/CVE-2016-6609.html
https://www.suse.com/security/cve/CVE-2016-6610.html
https://www.suse.com/security/cve/CVE-2016-6611.html
https://www.suse.com/security/cve/CVE-2016-6612.html
https://www.suse.com/security/cve/CVE-2016-6613.html
https://www.suse.com/security/cve/CVE-2016-6614.html
https://www.suse.com/security/cve/CVE-2016-6615.html
https://www.suse.com/security/cve/CVE-2016-6616.html
https://www.suse.com/security/cve/CVE-2016-6617.html
https://www.suse.com/security/cve/CVE-2016-6618.html
https://www.suse.com/security/cve/CVE-2016-6619.html
https://www.suse.com/security/cve/CVE-2016-6620.html
https://www.suse.com/security/cve/CVE-2016-6621.html
https://www.suse.com/security/cve/CVE-2016-6622.html
https://www.suse.com/security/cve/CVE-2016-6623.html
https://www.suse.com/security/cve/CVE-2016-6624.html
https://www....