Mailinglist Archive: opensuse-security-announce (55 mails)

< Previous Next >
[security-announce] openSUSE-SU-2020:0405-1: moderate: Security update for phpMyAdmin
openSUSE Security Update: Security update for phpMyAdmin

Announcement ID: openSUSE-SU-2020:0405-1
Rating: moderate
References: #1167335 #1167336 #1167337
Cross-References: CVE-2020-10802 CVE-2020-10803 CVE-2020-10804

Affected Products:
openSUSE Leap 15.1
SUSE Package Hub for SUSE Linux Enterprise 12

An update that fixes three vulnerabilities is now available.


This update for phpMyAdmin to version 4.9.5 fixes the following issues:

- phpmyadmin was updated to 4.9.5:

- CVE-2020-10804: Fixed an SQL injection in the user accounts page,
particularly when changing a password (boo#1167335 PMASA-2020-2).
- CVE-2020-10802: Fixed an SQL injection in the search feature
(boo#1167336 PMASA-2020-3).
- CVE-2020-10803: Fixed an SQL injection and XSS when displaying results
(boo#1167337 PMASA-2020-4).
- Removed the "options" field for the external transformation.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended
installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.1:

zypper in -t patch openSUSE-2020-405=1

- SUSE Package Hub for SUSE Linux Enterprise 12:

zypper in -t patch openSUSE-2020-405=1

Package List:

- openSUSE Leap 15.1 (noarch):


- SUSE Package Hub for SUSE Linux Enterprise 12 (noarch):



To unsubscribe, e-mail: opensuse-security-announce+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security-announce+help@xxxxxxxxxxxx

< Previous Next >