   openSUSE Security Update: Security update for phpMyAdmin
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2016:1699-1
Rating:             moderate
References:         #986154
Cross-References:   CVE-2016-5701 CVE-2016-5703 CVE-2016-5705
                    CVE-2016-5706 CVE-2016-5730 CVE-2016-5731
                    CVE-2016-5733 CVE-2016-5739
Affected Products:
                    openSUSE Leap 42.1
                    openSUSE 13.2
______________________________________________________________________________

   An update that fixes 8 vulnerabilities is now available.

Description:

   phpMyAdmin was updated to version 4.4.15.7 to fix eight security issues.

   These security issues were fixed:
   - CVE-2016-5701: BBCode injection vulnerability (boo#986154)
   - CVE-2016-5703: SQL injection attack (boo#986154)
   - CVE-2016-5705: Multiple XSS vulnerabilities (boo#986154)
   - CVE-2016-5706: DOS attack (boo#986154)
   - CVE-2016-5730: Multiple full path disclosure vulnerabilities
     (boo#986154)
   - CVE-2016-5731: XSS through FPD (boo#986154)
   - CVE-2016-5733: Multiple XSS vulnerabilities (boo#986154)
   - CVE-2016-5739: Referrer leak in transformations (boo#986154)

   This non-security issue was fixed:
   - Fix issue Setup script doesn't use input type 'password' in all
     relevant locations

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2016-804=1

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2016-804=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.1 (noarch):

      phpMyAdmin-4.4.15.7-22.1

   - openSUSE 13.2 (noarch):

      phpMyAdmin-4.4.15.7-36.1

References:

   https://www.suse.com/security/cve/CVE-2016-5701.html
   https://www.suse.com/security/cve/CVE-2016-5703.html
   https://www.suse.com/security/cve/CVE-2016-5705.html
   https://www.suse.com/security/cve/CVE-2016-5706.html
   https://www.suse.com/security/cve/CVE-2016-5730.html
   https://www.suse.com/security/cve/CVE-2016-5731.html
   https://www.suse.com/security/cve/CVE-2016-5733.html
   https://www.suse.com/security/cve/CVE-2016-5739.html
   https://bugzilla.suse.com/986154