Mailinglist Archive: opensuse-updates (164 mails)

openSUSE-SU-2016:3007-1: moderate: Security update for phpMyAdmin
openSUSE Security Update: Security update for phpMyAdmin

Announcement ID: openSUSE-SU-2016:3007-1
Rating: moderate
References: #1012271
Affected Products:
openSUSE Leap 42.2
openSUSE Leap 42.1
openSUSE 13.2

An update that contains security fixes can now be installed.


This update to phpMyAdmin fixes security issues and bugs.

The following security issues were fixed:

- Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58)
- phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59)
- AllowRoot and allow/deny rule bypass with specially-crafted username
- Username matching weaknesses with allow/deny rules (PMASA-2016-61)
- Possible to bypass logout timeout (PMASA-2016-62)
- Full path disclosure (FPD) weaknesses (PMASA-2016-63)
- Multiple XSS weaknesses (PMASA-2016-64)
- Multiple denial-of-service (DOS) vulnerabilities (PMASA-2016-65)
- Possible to bypass white-list protection for URL redirection
- BBCode injection to login page (PMASA-2016-67)
- Denial-of-service (DOS) vulnerability in table partitioning
- Multiple SQL injection vulnerabilities (PMASA-2016-69)
- Incorrect serialized string parsing (PMASA-2016-70)
- CSRF token not stripped from the URL (PMASA-2016-71)

The following bugfix changes are included:

- Fix for expanding in navigation pane
- Reintroduced a simplified version of PmaAbsoluteUri directive (needed
with reverse proxies)
- Fix editing of ENUM/SET/DECIMAL field structures
- Improvements to the parser

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2016-1406=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2016-1406=1

- openSUSE 13.2:

zypper in -t patch openSUSE-2016-1406=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (noarch):


- openSUSE Leap 42.1 (noarch):


- openSUSE 13.2 (noarch):


