   openSUSE Security Update: update for phpMyAdmin
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2013:1065-1
Rating:             moderate
References:         #814678 #824301 #824302
Cross-References:   CVE-2013-1937 CVE-2013-3238 CVE-2013-3239
Affected Products:
                    openSUSE 12.3
                    openSUSE 12.2
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update of phpMyAdmin fixes several security issues.

   - update to 3.5.8.1 (2013-04-24)
     * [security] Remote code execution (preg_replace), reported by
       Janek Vind (see PMASA-2013-2)
     * [security] Locally Saved SQL Dump File Multiple File Extension
       Remote Code Execution, reported by Janek Vind (see PMASA-2013-3)
   - fix for bnc#824301
     * PMASA-2013-2 (CVE-2013-3238)
   - fix for bnc#824302
     * PMASA-2013-3 (CVE-2013-3239)

   - update to 3.5.8 (2013-04-08)
     * sf#3828 MariaDB reported as MySQL
     * sf#3854 Incorrect header for Safari 6.0
     * sf#3705 Attempt to open trigger for edit gives NULL
     * Use HTML5 DOCTYPE
     * [security] Self-XSS on GIS visualisation page, reported by
       Janek Vind see PMASA-2013-1
     * sf#3800 Incorrect keyhandler behaviour #2
   - fix for bnc#814678
     * PMASA-2013-1 (CVE-2013-1937)

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 12.3:

      zypper in -t patch openSUSE-2013-524

   - openSUSE 12.2:

      zypper in -t patch openSUSE-2013-524

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE 12.3 (noarch):

      phpMyAdmin-3.5.8.1-1.4.1

   - openSUSE 12.2 (noarch):

      phpMyAdmin-3.5.8.1-1.12.1

References:

   http://support.novell.com/security/cve/CVE-2013-1937.html
   http://support.novell.com/security/cve/CVE-2013-3238.html
   http://support.novell.com/security/cve/CVE-2013-3239.html
   https://bugzilla.novell.com/814678
   https://bugzilla.novell.com/824301
   https://bugzilla.novell.com/824302