Mailinglist Archive: opensuse-security-announce (78 mails)

< Previous Next >
[security-announce] openSUSE-SU-2018:4125-1: moderate: Security update for phpMyAdmin
openSUSE Security Update: Security update for phpMyAdmin

Announcement ID: openSUSE-SU-2018:4125-1
Rating: moderate
References: #1119245
Cross-References: CVE-2018-19968 CVE-2018-19969 CVE-2018-19970

Affected Products:
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes three vulnerabilities is now available.


This update for phpMyAdmin fixes security issues and bugs.

Security issues addressed in the 4.8.4 release (bsc#1119245):

- CVE-2018-19968: Local file inclusion through transformation feature
- CVE-2018-19969: XSRF/CSRF vulnerability
- CVE-2018-19970: XSS vulnerability in navigation tree

This update also contains the following upstream bug fixes and

- Ensure that database names with a dot ('.') are handled properly when
DisableIS is true
- Fix for message "Error while copying database (pma__column_info)"
- Move operation causes "SELECT * FROM `undefined`" error
- When logging with $cfg['AuthLog'] to syslog, successful login messages
were not logged when $cfg['AuthLogSuccess'] was true
- Multiple errors and regressions with Designer

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2018-1547=1

Package List:

- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >
This Thread
  • No further messages