Overview

File _patchinfo of Package patchinfo.17358

<patchinfo incident="17358">
  <category>recommended</category>
  <rating>low</rating>
<issue tracker="bnc" id="1195017"/>
<issue tracker="cve" id="2022-23807"/>
  <packager>ecsos</packager>
  <summary>Security update for phpMyAdmin</summary>
  <description>
phpMyAdmin was updated to fix:

* CVE-2022-23807: Fixed Two factor authentication bypass (boo#1195017, PMASA-2022-1, CWE-661) 
 
* Add a new configuration directive $cfg['URLQueryEncryption'] to
  allow encrypting sensitive information in the URL to prevent
  disclosure. Thanks to Rich Grimes  for suggesting this
  improvement
* Add a new configuration directive
  $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding
  the full error message when a log on attempt fails, which can
  leak hostnames or IP addresses of the target database server.
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places