You are here
Home > Preporuke > Sigurnosni nedostaci programskog paketa phpMyAdmin

Sigurnosni nedostaci programskog paketa phpMyAdmin

openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1806-1
Rating: important
References: #1167335 #1167336 #1167337 #1177561 #1177562
#1177842
Cross-References: CVE-2020-10802 CVE-2020-10803 CVE-2020-10804
CVE-2020-26934 CVE-2020-26935
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
openSUSE Backports SLE-15
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata
is now available.

Description:

This update for phpMyAdmin fixes the following issues:

phpMyAdmin was updated to 4.9.7 (boo#1177842):
* Fix two factor authentication that was broken in 4.9.6
* Fix incompatibilities with older PHP versions

Update to 4.9.6:

– Fixed XSS relating to the transformation feature (boo#1177561
CVE-2020-26934, PMASA-2020-5)
– Fixed SQL injection vulnerability in SearchController (boo#1177562
CVE-2020-26935, PMASA-2020-6)

Update to 4.9.5:

This is a security release containing several bug fixes.

* CVE-2020-10804: SQL injection vulnerability in the user accounts page,
particularly when changing a password (boo#1167335, PMASA-2020-2)
* CVE-2020-10802: SQL injection vulnerability relating to the search
feature (boo#1167336, PMASA-2020-3)
* CVE-2020-10803: SQL injection and XSS having to do with displaying
results (boo#1167337, PMASA-2020-4)
* Removing of the “options” field for the external transformation.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1806=1

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1806=1

– openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2020-1806=1

Package List:

– openSUSE Leap 15.1 (noarch):

phpMyAdmin-4.9.7-lp151.2.24.1

– openSUSE Backports SLE-15-SP1 (noarch):

phpMyAdmin-4.9.7-bp151.3.24.1

– openSUSE Backports SLE-15 (noarch):

phpMyAdmin-4.9.7-bp150.43.1

References:

https://protect2.fireeye.com/v1/url?k=9a42e8f1-c5def2ef-9a45753d-000babd90757-d041b0aec2092d26&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-10802.html
https://protect2.fireeye.com/v1/url?k=c618dccf-9984c6d1-c61f4103-000babd90757-00e33e2f68a948b4&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-10803.html
https://protect2.fireeye.com/v1/url?k=5accb472-0550ae6c-5acb29be-000babd90757-c62e6202875ba26d&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-10804.html
https://protect2.fireeye.com/v1/url?k=65e08093-3a7c9a8d-65e71d5f-000babd90757-491e87936121796c&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-26934.html
https://protect2.fireeye.com/v1/url?k=0486739f-5b1a6981-0481ee53-000babd90757-93a61350c87530b0&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-26935.html
https://protect2.fireeye.com/v1/url?k=f339cdac-aca5d7b2-f33e5060-000babd90757-57eee64f7f60e8df&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fbugzilla.suse.com%2F1167335
https://protect2.fireeye.com/v1/url?k=a739c92d-f8a5d333-a73e54e1-000babd90757-4c4d6142b9e4ee8b&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fbugzilla.suse.com%2F1167336
https://protect2.fireeye.com/v1/url?k=9d9e2393-c202398d-9d99be5f-000babd90757-6052e273a3751b4b&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fbugzilla.suse.com%2F1167337
https://protect2.fireeye.com/v1/url?k=8b1e5910-d482430e-8b19c4dc-000babd90757-7e0d9e279b1e574c&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fbugzilla.suse.com%2F1177561
https://protect2.fireeye.com/v1/url?k=538f3c35-0c13262b-5388a1f9-000babd90757-037dde1bd677868a&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fbugzilla.suse.com%2F1177562
https://protect2.fireeye.com/v1/url?k=21c62939-7e5a3327-21c1b4f5-000babd90757-97966e2ea6459fc6&q=1&e=6803383c-c9cc-4555-9724-98190825f985&u=https%3A%2F%2Fbugzilla.suse.com%2F1177842


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________

Announcement ID: openSUSE-SU-2020:1806-1
Rating: important
References: #1167335 #1167336 #1167337 #1177561 #1177562
#1177842
Cross-References: CVE-2020-10802 CVE-2020-10803 CVE-2020-10804
CVE-2020-26934 CVE-2020-26935
Affected Products:
openSUSE Leap 15.1
openSUSE Backports SLE-15-SP1
openSUSE Backports SLE-15
SUSE Package Hub for SUSE Linux Enterprise 12
______________________________________________________________________________

An update that solves 5 vulnerabilities and has one errata
is now available.

Description:

This update for phpMyAdmin fixes the following issues:

phpMyAdmin was updated to 4.9.7 (boo#1177842):
* Fix two factor authentication that was broken in 4.9.6
* Fix incompatibilities with older PHP versions

Update to 4.9.6:

– Fixed XSS relating to the transformation feature (boo#1177561
CVE-2020-26934, PMASA-2020-5)
– Fixed SQL injection vulnerability in SearchController (boo#1177562
CVE-2020-26935, PMASA-2020-6)

Update to 4.9.5:

This is a security release containing several bug fixes.

* CVE-2020-10804: SQL injection vulnerability in the user accounts page,
particularly when changing a password (boo#1167335, PMASA-2020-2)
* CVE-2020-10802: SQL injection vulnerability relating to the search
feature (boo#1167336, PMASA-2020-3)
* CVE-2020-10803: SQL injection and XSS having to do with displaying
results (boo#1167337, PMASA-2020-4)
* Removing of the “options” field for the external transformation.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

– openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-1806=1

– openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2020-1806=1

– openSUSE Backports SLE-15:

zypper in -t patch openSUSE-2020-1806=1

– SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2020-1806=1

Package List:

– openSUSE Leap 15.1 (noarch):

phpMyAdmin-4.9.7-lp151.2.24.1

– openSUSE Backports SLE-15-SP1 (noarch):

phpMyAdmin-4.9.7-bp151.3.24.1

– openSUSE Backports SLE-15 (noarch):

phpMyAdmin-4.9.7-bp150.43.1

– SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):

phpMyAdmin-4.9.7-52.1

References:

https://protect2.fireeye.com/v1/url?k=7b66bc32-24faa62c-7b6121fe-000babd90757-016fb3d71207cb72&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-10802.html
https://protect2.fireeye.com/v1/url?k=1e731928-41ef0336-1e7484e4-000babd90757-2fa903afa8792b8f&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-10803.html
https://protect2.fireeye.com/v1/url?k=bdffa49e-e263be80-bdf83952-000babd90757-05bc793680358538&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-10804.html
https://protect2.fireeye.com/v1/url?k=6a392ee4-35a534fa-6a3eb328-000babd90757-122c1705ad7f3882&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-26934.html
https://protect2.fireeye.com/v1/url?k=9c96af4f-c30ab551-9c913283-000babd90757-37d4e0664612ca21&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fwww.suse.com%2Fsecurity%2Fcve%2FCVE-2020-26935.html
https://protect2.fireeye.com/v1/url?k=bb9529e8-e40933f6-bb92b424-000babd90757-df888e3ef882728e&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fbugzilla.suse.com%2F1167335
https://protect2.fireeye.com/v1/url?k=ba0185a1-e59d9fbf-ba06186d-000babd90757-9ff0efb1e9415fde&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fbugzilla.suse.com%2F1167336
https://protect2.fireeye.com/v1/url?k=7df018d8-226c02c6-7df78514-000babd90757-b37b565a86b591ac&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fbugzilla.suse.com%2F1167337
https://protect2.fireeye.com/v1/url?k=812c6a51-deb0704f-812bf79d-000babd90757-6423ac2ad36e4dbf&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fbugzilla.suse.com%2F1177561
https://protect2.fireeye.com/v1/url?k=1e47cad7-41dbd0c9-1e40571b-000babd90757-ba2579b26a977020&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fbugzilla.suse.com%2F1177562
https://protect2.fireeye.com/v1/url?k=16911c13-490d060d-169681df-000babd90757-50616345970a6b8e&q=1&e=f93b026a-a6c1-4a38-af4d-2147f0d6dd5f&u=https%3A%2F%2Fbugzilla.suse.com%2F1177842


To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-security-announce+help@opensuse.org

Top
More in Preporuke
Sigurnosni nedostatak programskog paketa tomcat

Otkriven je sigurnosni nedostatak u programskom paketu tomcat za operacijski sustav openSUSE. Otkriveni nedostatak potencijalnim napadačima omogućuje otkrivanje osjetljivih informacija....

Close