openSUSE: 2019:1689-1: moderate: phpMyAdmin

    Date02 Jul 2019
    CategoryopenSUSE
    401
    Posted ByLinuxSecurity Advisories
    An update that fixes two vulnerabilities is now available.
       openSUSE Security Update: Security update for phpMyAdmin
    ______________________________________________________________________________
    
    Announcement ID:    openSUSE-SU-2019:1689-1
    Rating:             moderate
    References:         #1137496 #1137497 
    Cross-References:   CVE-2019-11768 CVE-2019-12616
    Affected Products:
                        openSUSE Leap 42.3
                        openSUSE Leap 15.1
                        openSUSE Leap 15.0
                        openSUSE Backports SLE-15
                        SUSE Package Hub for SUSE Linux Enterprise 12
    ______________________________________________________________________________
    
       An update that fixes two vulnerabilities is now available.
    
    Description:
    
       This update for phpMyAdmin fixes the following issues:
    
       phpMyAdmin was updated to 4.9.0.1:
    
       * Several issues with SYSTEM VERSIONING tables
       * Fixed json encode error in export
       * Fixed JavaScript events not activating on input (sql bookmark issue)
       * Show Designer combo boxes when adding a constraint
       * Fix edit view
       * Fixed invalid default value for bit field
       * Fix several errors relating to GIS data types
       * Fixed javascript error PMA_messages is not defined
       * Fixed import XML data with leading zeros
       * Fixed php notice, added support for 'DELETE HISTORY' table privilege
         (MariaDB >= 10.3.4)
       * Fixed MySQL 8.0.0 issues with GIS display
       * Fixed "Server charset" in "Database server" tab showing wrong information
       * Fixed can not copy user on Percona Server 5.7
       * Updated sql-parser to version 4.3.2, which fixes several parsing and
         linting problems
    
       - boo#1137497 / PMASA-2019-4 / CVE-2019-12616 / CWE-661: Fixed CSRF
         vulnerability in login form
         https://www.phpmyadmin.net/security/PMASA-2019-4/
    
       - boo#1137496 / PMASA-2019-3 / CVE-2019-11768 / CWE-661: Fixed SQL
         injection in Designer feature
         https://www.phpmyadmin.net/security/PMASA-2019-3/
    
    
    Patch Instructions:
    
       To install this openSUSE Security Update use the SUSE recommended installation methods
       like YaST online_update or "zypper patch".
    
       Alternatively you can run the command listed for your product:
    
       - openSUSE Leap 42.3:
    
          zypper in -t patch openSUSE-2019-1689=1
    
       - openSUSE Leap 15.1:
    
          zypper in -t patch openSUSE-2019-1689=1
    
       - openSUSE Leap 15.0:
    
          zypper in -t patch openSUSE-2019-1689=1
    
       - openSUSE Backports SLE-15:
    
          zypper in -t patch openSUSE-2019-1689=1
    
       - SUSE Package Hub for SUSE Linux Enterprise 12:
    
          zypper in -t patch openSUSE-2019-1689=1
    
    
    
    Package List:
    
       - openSUSE Leap 42.3 (noarch):
    
          phpMyAdmin-4.9.0.1-31.1
    
       - openSUSE Leap 15.1 (noarch):
    
          phpMyAdmin-4.9.0.1-lp151.2.3.1
    
       - openSUSE Leap 15.0 (noarch):
    
          phpMyAdmin-4.9.0.1-lp150.31.1
    
       - openSUSE Backports SLE-15 (noarch):
    
          phpMyAdmin-4.9.0.1-bp150.31.1
    
       - SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):
    
          phpMyAdmin-4.9.0.1-31.1
    
    
    References:
    
       https://www.suse.com/security/cve/CVE-2019-11768.html
       https://www.suse.com/security/cve/CVE-2019-12616.html
       https://bugzilla.suse.com/1137496
       https://bugzilla.suse.com/1137497
    
    -- 
    

    LinuxSecurity Poll

    What do you think of the articles on LinuxSecurity?

    No answer selected. Please try again.
    Please select either existing option or enter your own, however not both.
    Please select minimum 0 answer(s) and maximum 3 answer(s).
    /main-polls/24-what-do-you-think-of-the-quality-of-the-articles-on-linuxsecurity?task=poll.vote&format=json
    24
    radio
    [{"id":"87","title":"Excellent, don't change a thing!","votes":"67","type":"x","order":"1","pct":57.26,"resources":[]},{"id":"88","title":"Should be more technical","votes":"16","type":"x","order":"2","pct":13.68,"resources":[]},{"id":"89","title":"Should include more HOWTOs","votes":"34","type":"x","order":"3","pct":29.06,"resources":[]}]["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"]["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"]350
    bottom200

    We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.