openSUSE: 2019:1689-1 Moderate: phpMyAdmin CSRF and SQL Issues

opensuse

July 2, 2019

An update that fixes two vulnerabilities is now available.

Description

This update for phpMyAdmin fixes the following issues:

phpMyAdmin was updated to 4.9.0.1:

* Several issues with SYSTEM VERSIONING tables

* Fixed json encode error in export

* Fixed JavaScript events not activating on input (sql bookmark issue)

* Show Designer combo boxes when adding a constraint

* Fix edit view

* Fixed invalid default value for bit field

* Fix several errors relating to GIS data types

* Fixed javascript error PMA_messages is not defined

* Fixed import XML data with leading zeros

* Fixed php notice, added support for 'DELETE HISTORY' table privilege

(MariaDB >= 10.3.4)

* Fixed MySQL 8.0.0 issues with GIS display

* Fixed "Server charset" in "Database server" tab showing wrong information

* Fixed can not copy user on Percona Server 5.7

* Updated sql-parser to version 4.3.2, which fixes several parsing and

linting problems

- boo#1137497 / PMASA-2019-4 / CVE-2019-12616 / CWE-661: Fixed CSRF

vulnerability...

Read the Full Advisory

Topics Covered

security advisory moderate update sql injection phpmyadmin csrf openSUSE

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

zypper in -t patch openSUSE-2019-1689=1

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2019-1689=1

- openSUSE Leap 15.0:

zypper in -t patch openSUSE-2019-1689=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2019-1689=1

Package List

- openSUSE Leap 42.3 (noarch):

phpMyAdmin-4.9.0.1-31.1

- openSUSE Leap 15.1 (noarch):

phpMyAdmin-4.9.0.1-lp151.2.3.1

- openSUSE Leap 15.0 (noarch):

phpMyAdmin-4.9.0.1-lp150.31.1

- openSUSE Backports SLE-15 (noarch):

phpMyAdmin-4.9.0.1-bp150.31.1

References

https://www.suse.com/security/cve/CVE-2019-11768.html

https://www.suse.com/security/cve/CVE-2019-12616.html

https://bugzilla.suse.com/1137496

https://bugzilla.suse.com/1137497

Announcement ID: openSUSE-SU-2019:1689-1

Rating: moderate

Affected Products: openSUSE Leap 42.3 openSUSE Leap 15.1 openSUSE Leap 15.0 openSUSE Backports SLE-15

Topics Covered

security advisory moderate update sql injection phpmyadmin csrf openSUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2019:1689-1 Moderate: phpMyAdmin CSRF and SQL Issues

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

openSUSE: 2019:1689-1 Moderate: phpMyAdmin CSRF and SQL Issues

Description

Topics Covered

Patch

Package List

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!