
openSUSE: 2023:0047-1 Important: phpMyAdmin XSS Attack Fix

February 15, 2023
Patches for urgent phpMyAdmin weaknesses launched in openSUSE. Upgrade vital for enhanced security and reliability.
An update that fixes four vulnerabilities is now available

Description

This update for phpMyAdmin fixes the following issues:

phpMyAdmin was updated to 5.2.1

This is a security and bugfix release.

* Security:

- Fix (PMASA-2023-01, CWE-661, boo#1208186, CVE-2023-25727) Fix an XSS attack through the drag-and-drop upload feature.

* Bugfixes:

- issue #17522 Fix case where the routes cache file is invalid

- issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick

- issue Fix blank page when some error occurs

- issue #17519 Fix Export pages not working in certain conditions

- issue #17496 Fix error in table operation page when partitions are broken

- issue #17386 Fix system memory and system swap values on Windows

- issue #17517 Fix Database Server panel not getting hidden by ShowServerInfo configuration directive

- issue #17271 Fix database names not showing on Processes tab

- issue #17424 Fix export limit size calculation

- issue...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-47=1

Package List

- openSUSE Backports SLE-15-SP4 (noarch):

phpMyAdmin-5.2.1-bp154.2.3.1

phpMyAdmin-apache-5.2.1-bp154.2.3.1

phpMyAdmin-lang-5.2.1-bp154.2.3.1
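
To confirm the update landed on a host, the following added example (not part of the advisory) compares installed phpMyAdmin packages against the fixed build named in the Package List. The function names and the sample input are constructed for illustration, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: check phpMyAdmin packages against the advisory's fixed build.
FIXED="5.2.1-bp154.2.3.1"   # version-release taken from the Package List

# version_ge A B: succeed when A >= B.
# Assumption: GNU `sort -V` approximates RPM ordering for these dotted strings.
version_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_pma: read "name version-release" lines on stdin, print one verdict per
# phpMyAdmin package, and return 1 if any of them is older than FIXED.
check_pma() {
    rc=0
    while read -r name vr; do
        case "$name" in
            phpMyAdmin|phpMyAdmin-apache|phpMyAdmin-lang) ;;
            *) continue ;;   # skips other packages and "package X is not installed"
        esac
        if version_ge "$vr" "$FIXED"; then
            echo "OK       $name $vr"
        else
            echo "OUTDATED $name $vr (needs >= $FIXED)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input (not captured from a real system): one package
# still on an older build, one already updated.
printf '%s\n' \
    'phpMyAdmin 5.2.0-bp154.2.1' \
    'phpMyAdmin-lang 5.2.1-bp154.2.3.1' | check_pma || true

# On a live host, feed it the real package database instead:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' \
#       phpMyAdmin phpMyAdmin-apache phpMyAdmin-lang | check_pma
```

A non-zero exit status from `check_pma` means at least one package still needs the patch.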

References

https://www.suse.com/security/cve/CVE-2022-0813.html

https://www.suse.com/security/cve/CVE-2022-23807.html

https://www.suse.com/security/cve/CVE-2022-23808.html

https://www.suse.com/security/cve/CVE-2023-25727.html

https://bugzilla.suse.com/1195017

https://bugzilla.suse.com/1195018

https://bugzilla.suse.com/1197036

https://bugzilla.suse.com/1208186

Severity
important

Announcement ID: openSUSE-SU-2023:0047-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP4.
