Security update for phpMyAdmin
This update for phpMyAdmin to version 4.9.5 fixes the following issues:
- phpmyadmin was updated to 4.9.5:
- CVE-2020-10804: Fixed an SQL injection in the user accounts page,
particularly when changing a password (boo#1167335 PMASA-2020-2).
- CVE-2020-10802: Fixed an SQL injection in the search feature
(boo#1167336 PMASA-2020-3).
- CVE-2020-10803: Fixed an SQL injection and XSS when displaying
results (boo#1167337 PMASA-2020-4).
- Removed the "options" field for the external transformation.
This update was imported from the openSUSE:Leap:15.1:Update update project.
-
Submitted by
Andreas Stieger (AndreasStieger)
Fixed bugs
bnc#1167337
VUL-0: CVE-2020-10803: phpMyAdmin: SQL injection relating to data display (PMASA-2020-4)
bnc#1167335
VUL-0: CVE-2020-10804: phpMyAdmin: SQL injection with processing username (PMASA-2020-2)
bnc#1167336
VUL-0: CVE-2020-10802: phpMyAdmin: SQL injection relating to searching (PMASA-2020-3)
