Security update for phpMyAdmin SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:3007-1 Final 1 1 2016-12-05T08:53:49Z current 2016-12-05T08:53:49Z 2016-12-05T08:53:49Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for phpMyAdmin This update to phpMyAdmin 4.4.15.9 fixes security issues and bugs. The following security issues were fixed: - Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58) - phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59) - AllowRoot and allow/deny rule bypass with specially-crafted username (PMASA-2016-60) - Username matching weaknesses with allow/deny rules (PMASA-2016-61) - Possible to bypass logout timeout (PMASA-2016-62) - Full path disclosure (FPD) weaknesses (PMASA-2016-63) - Multiple XSS weaknesses (PMASA-2016-64) - Multiple denial-of-service (DOS) vulnerabilities (PMASA-2016-65) - Possible to bypass white-list protection for URL redirection (PMASA-2016-66) - BBCode injection to login page (PMASA-2016-67) - Denial-of-service (DOS) vulnerability in table partitioning (PMASA-2016-68) - Multiple SQL injection vulnerabilities (PMASA-2016-69 ) - Incorrect serialized string parsing (PMASA-2016-70) - CSRF token not stripped from the URL (PMASA-2016-71) The following bugfix changes are included: - Fix for expanding in navigation pane - Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies) - Fix editing of ENUM/SET/DECIMAL field structures - Improvements to the parser The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-12/msg00032.html E-Mail link for openSUSE-SU-2016:3007-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 openSUSE Leap 42.2 phpMyAdmin-4.4.15.9-28.1 phpMyAdmin-4.4.15.9-28.1 as a component of openSUSE Leap 42.1 phpMyAdmin-4.4.15.9-28.1 as a component of openSUSE Leap 42.2