openSUSE 2020:1806-1 Important: phpMyAdmin SQL Fixes and Threats

opensuse
November 1, 2020
Critical openSUSE Security Patch for phpMyAdmin addresses several vulnerabilities and includes detailed fix instructions.
An update that solves 5 vulnerabilities and has one errata is now available.

Description

This update for phpMyAdmin fixes the following issues:

phpMyAdmin was updated to 4.9.7 (boo#1177842):

* Fix two factor authentication that was broken in 4.9.6

* Fix incompatibilities with older PHP versions

Update to 4.9.6:

- Fixed XSS relating to the transformation feature (boo#1177561, CVE-2020-26934, PMASA-2020-5)

- Fixed SQL injection vulnerability in SearchController (boo#1177562, CVE-2020-26935, PMASA-2020-6)

Update to 4.9.5:

This is a security release containing several bug fixes.

* CVE-2020-10804: SQL injection vulnerability in the user accounts page, particularly when changing a password (boo#1167335, PMASA-2020-2)

* CVE-2020-10802: SQL injection vulnerability relating to the search feature (boo#1167336, PMASA-2020-3)

* CVE-2020-10803: SQL injection and XSS having to do with displaying results (boo#1167337, PMASA-2020-4)

* Removal of the "options" field for the external transformation.

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1806=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1806=1

- openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2020-1806=1

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2020-1806=1

Package List

- openSUSE Leap 15.1 (noarch):

phpMyAdmin-4.9.7-lp151.2.24.1

- openSUSE Backports SLE-15-SP1 (noarch):

phpMyAdmin-4.9.7-bp151.3.24.1

- openSUSE Backports SLE-15 (noarch):

phpMyAdmin-4.9.7-bp150.43.1

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

phpMyAdmin-4.9.7-52.1
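A post-patch check, as an added example that is not part of the SUSE advisory: it maps a phpMyAdmin upstream version to the items from the Description above that the version still lacks. The function names are hypothetical, and it assumes GNU `sort -V` and that `rpm` reports the package under the name shown in the Package List.

```shell
#!/bin/sh
# Added example: version thresholds are taken from the advisory's Description.

# version_lt A B: succeeds when A sorts strictly before B (assumes GNU sort -V).
version_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# open_issues VERSION: print one line per advisory item not fixed in VERSION.
open_issues() {
    ver=$1
    if version_lt "$ver" 4.9.5; then
        echo "CVE-2020-10804 PMASA-2020-2 (SQL injection, user accounts page)"
        echo "CVE-2020-10802 PMASA-2020-3 (SQL injection, search feature)"
        echo "CVE-2020-10803 PMASA-2020-4 (SQL injection and XSS, results display)"
    fi
    if version_lt "$ver" 4.9.6; then
        echo "CVE-2020-26934 PMASA-2020-5 (XSS, transformation feature)"
        echo "CVE-2020-26935 PMASA-2020-6 (SQL injection, SearchController)"
    fi
    # 4.9.6 fixed the CVEs above but shipped with broken two-factor authentication.
    if [ "$ver" = 4.9.6 ]; then
        echo "boo#1177842 (two-factor authentication broken in 4.9.6)"
    fi
}

# installed_version: upstream version of the installed package, empty if absent.
installed_version() {
    rpm -q --qf '%{VERSION}\n' phpMyAdmin 2>/dev/null | grep -E '^[0-9]' | head -n 1
}

# check_host: report status for this machine; returns 1 if anything is open.
check_host() {
    ver=$(installed_version)
    [ -n "$ver" ] || { echo "phpMyAdmin is not installed"; return 0; }
    issues=$(open_issues "$ver")
    if [ -z "$issues" ]; then
        echo "phpMyAdmin $ver: all items in openSUSE-SU-2020:1806-1 are addressed"
    else
        echo "phpMyAdmin $ver is still missing fixes for:"
        echo "$issues"
        return 1
    fi
}
```

Run `check_host` after `zypper patch`; a non-zero return means the installed version predates at least one fix listed in this advisory.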

References

https://www.suse.com/security/cve/CVE-2020-10802.html

https://www.suse.com/security/cve/CVE-2020-10803.html

https://www.suse.com/security/cve/CVE-2020-10804.html

https://www.suse.com/security/cve/CVE-2020-26934.html

https://www.suse.com/security/cve/CVE-2020-26935.html

https://bugzilla.suse.com/1167335

https://bugzilla.suse.com/1167336

https://bugzilla.suse.com/1167337

https://bugzilla.suse.com/1177561

https://bugzilla.suse.com/1177562

https://bugzilla.suse.com/1177842

--

Severity: important

Announcement ID: openSUSE-SU-2020:1806-1
Rating: important
Affected Products: openSUSE Leap 15.1, openSUSE Backports SLE-15-SP1, openSUSE Backports SLE-15, SUSE Package Hub for SUSE Linux Enterprise 12
