
Security vulnerabilities in the phpMyAdmin software package

——————————————————————————–
Fedora Update Notification
FEDORA-2020-4e78c86902
2020-10-19 16:56:49.452622
——————————————————————————–

Name : phpMyAdmin
Product : Fedora 32
Version : 5.0.3
Release : 1.fc32
URL : https://www.phpmyadmin.net/
Summary : A web interface for MySQL and MariaDB
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in 50 languages.

——————————————————————————–
Update Information:

**Version 5.0.3** (2020-10-09)

– issue #15983 Require twig ^2.9
– issue Fix option to import files locally appearing as not available
– issue #16048 Fix to allow NULL as a default bit value
– issue #16062 Fix “htmlspecialchars() expects parameter 1 to be string, null given” on Export xml
– issue #16078 Fix no charts in monitor when using a decimal separator “,”
– issue #16041 Fix IN(…) clause doesn’t permit multiple values on “Search” page
– issue #14411 Support double tap to edit on mobile
– issue #16043 Fix php error “Use of undefined constant MYSQLI_TYPE_JSON” when using the mysqlnd extension
– issue #14611 Fix fatal JS error on index creation after using Enter key to submit the form
– issue #16012 Set “axis-order” to swap lon and lat on MySQL >= 8.1
– issue #16104 Fixed overwriting a bookmarked query causes a PHP fatal error
– issue Fix typo in a condition in the Sql class
– issue #15996 Fix local setup doc links pointing to a wrong location
– issue #16093 Fix error importing utf-8 with bom sql file
– issue #16089 2FA UX enhancement: autofocus 2FA input
– issue #16127 Fix table column description PHP error when ['DisableIS'] = true;
– issue #16130 Fix local documentation links display when a PHP extension is missing
– issue Fix some twig code deprecations for php 8
– issue Fix ENUM and SET display when editing procedures and functions
– issue Keep full query state on “auto refresh” process list
– issue Keep columns order on “auto refresh” process list
– issue Fixed editing a failed query from the error message
– issue #16166 Fix the alter user privileges query to make it MySQL 8.0.11+ compatible
– issue Fix copy table to another database when the nbr of DBs is > $cfg['MaxDbList']
– issue #16157 Fix relations of tables having spaces or special chars not showing in the Designer
– issue #16052 Fix a very rare JS error occurring on mousemove event
– issue #16162 Make a foreign key link clickable in a new tab after the value was saved and replaced
– issue #16163 Fixed a PHP notice “Undefined index: column_info” on views
– issue #14478 Fix the data stream when exporting data in file mode
– issue #16184 Fix templates/ directory not found error
– issue #16184 Remove chdir logic to fix PHP fatal error “Uncaught TypeError: chdir()”
– issue Support for Twig 3
– issue Allow phpmyadmin/twig-i18n-extension ^3.0
– issue #16201 Trim spaces for integer values in table search
– issue #16076 Fixed cannot edit or export TIMESTAMP column with default CURRENT_TIMESTAMP in MySQL >= 8.0.13
– issue #16226 Fix error 500 after copying a table
– issue #16222 Fixed can’t use the search page when the table name has special characters
– issue #16248 Fix zoom search is not performing input validation on INT columns
– issue #16248 Fix javascript error when typing in INT fields on zoom search page
– issue Fix type errors when using saved searches
– issue #16261 Fix missing headings on modals of “User Accounts -> Export”
– issue #16146 Fixed sorting did not keep the selector of number of rows
– issue #16194 Fixed SQL query does not appear in case of editing view where definer is not you on MySQL 8
– issue #16255 Fix tinyint(1) shown as INT on Search page
– issue #16256 Fix “Warning: error_reporting() has been disabled for security reasons” on php 7.x
– issue #15367 Fix “Change or reconfigure primary server” link
– issue #15367 Fix first replica links, start, stop, ignore links
– issue #16058 Add “PMA_single_signon_HMAC_secret” for signon auths to make special links work and update examples
– issue #16269 Support ReCaptcha v2 checkbox width “$cfg['CaptchaMethod'] = 'checkbox';”
– issue #14644 Use Doctum instead of Sami
– issue #16086 Fix “Browse” headings shift when scrolling
– issue #15328 Fix no message after import of zipped shapefile without php-zip
– issue #14326 Fix PHP error when exporting without php-zip
– issue #16318 Fix Profiling doesn’t sum the number of calls
– issue #16319 Fixed a Russian translation mistake on search results total text
– issue #15634 Only use session_set_cookie_params once on PHP >= 7.3.0 versions for single signon auth
– issue #14698 Fixed database named as ‘New’ (language variable) causes PHP fatal error
– issue #16355 Make textareas both sides resizable
– issue #16366 Fix column definition form not showing default value
– issue #16342 Fixed multi-table query (db_multi_table_query.php) alias show the same alias for all columns
– issue #15109 Fixed using ST_GeomFromText + GUI on insert throws an error
– issue #16325 Fixed editing Geometry data throws error on using the GUI
– issue [security] Fix XSS vulnerability with the transformation feature (**PMASA-2020-5, CVE-2020-26934**)
– issue [security] Fix SQL injection vulnerability with search feature (**PMASA-2020-6, CVE-2020-26935**)
——————————————————————————–
ChangeLog:

* Sat Oct 10 2020 Remi Collet <remi@remirepo.net> – 5.0.3-1
– update to 5.0.3 (2020-10-10, security release)
– raise dependency on twig 2.9 and allow v3
– allow phpmyadmin/twig-i18n-extension v3
——————————————————————————–
References:

[ 1 ] Bug #1887249 – CVE-2020-26934 phpmyadmin: XSS relating to the transformation feature
https://bugzilla.redhat.com/show_bug.cgi?id=1887249
[ 2 ] Bug #1887253 – CVE-2020-26935 phpmyadmin: SQL injection vulnerability in SearchController
https://bugzilla.redhat.com/show_bug.cgi?id=1887253
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-4e78c86902' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list — package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org

——————————————————————————–
Fedora Update Notification
FEDORA-2020-eadda524a8
2020-10-19 17:03:39.404070
——————————————————————————–

Name : phpMyAdmin
Product : Fedora 31
Version : 5.0.3
Release : 1.fc31
URL : https://www.phpmyadmin.net/
Summary : A web interface for MySQL and MariaDB
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in 50 languages.

——————————————————————————–
Update Information:

**Version 5.0.3** (2020-10-09)

– issue #15983 Require twig ^2.9
– issue Fix option to import files locally appearing as not available
– issue #16048 Fix to allow NULL as a default bit value
– issue #16062 Fix “htmlspecialchars() expects parameter 1 to be string, null given” on Export xml
– issue #16078 Fix no charts in monitor when using a decimal separator “,”
– issue #16041 Fix IN(…) clause doesn’t permit multiple values on “Search” page
– issue #14411 Support double tap to edit on mobile
– issue #16043 Fix php error “Use of undefined constant MYSQLI_TYPE_JSON” when using the mysqlnd extension
– issue #14611 Fix fatal JS error on index creation after using Enter key to submit the form
– issue #16012 Set “axis-order” to swap lon and lat on MySQL >= 8.1
– issue #16104 Fixed overwriting a bookmarked query causes a PHP fatal error
– issue Fix typo in a condition in the Sql class
– issue #15996 Fix local setup doc links pointing to a wrong location
– issue #16093 Fix error importing utf-8 with bom sql file
– issue #16089 2FA UX enhancement: autofocus 2FA input
– issue #16127 Fix table column description PHP error when ['DisableIS'] = true;
– issue #16130 Fix local documentation links display when a PHP extension is missing
– issue Fix some twig code deprecations for php 8
– issue Fix ENUM and SET display when editing procedures and functions
– issue Keep full query state on “auto refresh” process list
– issue Keep columns order on “auto refresh” process list
– issue Fixed editing a failed query from the error message
– issue #16166 Fix the alter user privileges query to make it MySQL 8.0.11+ compatible
– issue Fix copy table to another database when the nbr of DBs is > $cfg['MaxDbList']
– issue #16157 Fix relations of tables having spaces or special chars not showing in the Designer
– issue #16052 Fix a very rare JS error occurring on mousemove event
– issue #16162 Make a foreign key link clickable in a new tab after the value was saved and replaced
– issue #16163 Fixed a PHP notice “Undefined index: column_info” on views
– issue #14478 Fix the data stream when exporting data in file mode
– issue #16184 Fix templates/ directory not found error
– issue #16184 Remove chdir logic to fix PHP fatal error “Uncaught TypeError: chdir()”
– issue Support for Twig 3
– issue Allow phpmyadmin/twig-i18n-extension ^3.0
– issue #16201 Trim spaces for integer values in table search
– issue #16076 Fixed cannot edit or export TIMESTAMP column with default CURRENT_TIMESTAMP in MySQL >= 8.0.13
– issue #16226 Fix error 500 after copying a table
– issue #16222 Fixed can’t use the search page when the table name has special characters
– issue #16248 Fix zoom search is not performing input validation on INT columns
– issue #16248 Fix javascript error when typing in INT fields on zoom search page
– issue Fix type errors when using saved searches
– issue #16261 Fix missing headings on modals of “User Accounts -> Export”
– issue #16146 Fixed sorting did not keep the selector of number of rows
– issue #16194 Fixed SQL query does not appear in case of editing view where definer is not you on MySQL 8
– issue #16255 Fix tinyint(1) shown as INT on Search page
– issue #16256 Fix “Warning: error_reporting() has been disabled for security reasons” on php 7.x
– issue #15367 Fix “Change or reconfigure primary server” link
– issue #15367 Fix first replica links, start, stop, ignore links
– issue #16058 Add “PMA_single_signon_HMAC_secret” for signon auths to make special links work and update examples
– issue #16269 Support ReCaptcha v2 checkbox width “$cfg['CaptchaMethod'] = 'checkbox';”
– issue #14644 Use Doctum instead of Sami
– issue #16086 Fix “Browse” headings shift when scrolling
– issue #15328 Fix no message after import of zipped shapefile without php-zip
– issue #14326 Fix PHP error when exporting without php-zip
– issue #16318 Fix Profiling doesn’t sum the number of calls
– issue #16319 Fixed a Russian translation mistake on search results total text
– issue #15634 Only use session_set_cookie_params once on PHP >= 7.3.0 versions for single signon auth
– issue #14698 Fixed database named as ‘New’ (language variable) causes PHP fatal error
– issue #16355 Make textareas both sides resizable
– issue #16366 Fix column definition form not showing default value
– issue #16342 Fixed multi-table query (db_multi_table_query.php) alias show the same alias for all columns
– issue #15109 Fixed using ST_GeomFromText + GUI on insert throws an error
– issue #16325 Fixed editing Geometry data throws error on using the GUI
– issue [security] Fix XSS vulnerability with the transformation feature (**PMASA-2020-5, CVE-2020-26934**)
– issue [security] Fix SQL injection vulnerability with search feature (**PMASA-2020-6, CVE-2020-26935**)
——————————————————————————–
ChangeLog:

* Sat Oct 10 2020 Remi Collet <remi@remirepo.net> – 5.0.3-1
– update to 5.0.3 (2020-10-10, security release)
– raise dependency on twig 2.9 and allow v3
– allow phpmyadmin/twig-i18n-extension v3
——————————————————————————–
References:

[ 1 ] Bug #1887249 – CVE-2020-26934 phpmyadmin: XSS relating to the transformation feature
https://bugzilla.redhat.com/show_bug.cgi?id=1887249
[ 2 ] Bug #1887253 – CVE-2020-26935 phpmyadmin: SQL injection vulnerability in SearchController
https://bugzilla.redhat.com/show_bug.cgi?id=1887253
——————————————————————————–

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-eadda524a8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
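
Added example (not part of the Fedora advisories): a fleet check that maps installed phpMyAdmin builds to the two advisories above and flags hosts still below the fixed 5.0.3-1 build. The host names, the inventory format and the sample builds are constructed, and vercmp is a simplified stand-in for rpm's version comparison that assumes no epoch and no '~' or '^' in the version.

```python
import re

# Fixed builds named in the two advisories on this page, keyed by dist tag.
FIXED = {
    "fc32": ("5.0.3", "1", "FEDORA-2020-4e78c86902"),
    "fc31": ("5.0.3", "1", "FEDORA-2020-eadda524a8"),
}
# name-version-release.arch as printed by `rpm -q phpMyAdmin`
PKG = re.compile(r"^phpMyAdmin-(?P<ver>[^-]+)-(?P<rel>[^-]+?)\.(?P<dist>fc\d+)\.\w+$")

def vercmp(a, b):
    """Simplified rpmvercmp (no epoch, '~' or '^'): returns -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # 10 > 3, unlike a string compare
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def check(nvra):
    """Return (status, advisory) for one installed-package string."""
    m = PKG.match(nvra.strip())
    if not m:
        return ("unparsed", None)
    fixed = FIXED.get(m["dist"])
    if fixed is None:
        return ("not-covered", None)         # release not named on this page
    fver, frel, advisory = fixed
    c = vercmp(m["ver"], fver) or vercmp(m["rel"], frel)
    return ("patched" if c >= 0 else "needs-update", advisory)

# Constructed inventory lines: "<host> <package>"; hosts and builds are made up.
SAMPLE = """\
web01 phpMyAdmin-5.0.2-2.fc32.noarch
web02 phpMyAdmin-5.0.3-1.fc32.noarch
web03 phpMyAdmin-4.9.5-1.fc31.noarch
web04 phpMyAdmin-5.0.10-1.fc32.noarch
web05 phpMyAdmin-5.0.2-1.fc33.noarch
"""

def triage(text):
    return {host: check(pkg) for host, pkg in (l.split() for l in text.splitlines())}

if __name__ == "__main__":
    for host, (status, advisory) in triage(SAMPLE).items():
        print(f"{host}: {status} {advisory or '-'}")
```

Hosts reported as needs-update are the ones to run the dnf upgrade command from the matching advisory on; not-covered means the Fedora release is not one of the two listed here.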
