Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:42.2:Update
patchinfo.5946
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.5946
<patchinfo incident="5946"> <issue id="1012271" tracker="bnc">VUL-0: phpMyAdmin: Nov 25 2016 release - many security problems</issue> <category>security</category> <rating>moderate</rating> <packager>ecsos</packager> <description>This update to phpMyAdmin 4.4.15.9 fixes security issues and bugs. The following security issues were fixed: - Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58) - phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59) - AllowRoot and allow/deny rule bypass with specially-crafted username (PMASA-2016-60) - Username matching weaknesses with allow/deny rules (PMASA-2016-61) - Possible to bypass logout timeout (PMASA-2016-62) - Full path disclosure (FPD) weaknesses (PMASA-2016-63) - Multiple XSS weaknesses (PMASA-2016-64) - Multiple denial-of-service (DOS) vulnerabilities (PMASA-2016-65) - Possible to bypass white-list protection for URL redirection (PMASA-2016-66) - BBCode injection to login page (PMASA-2016-67) - Denial-of-service (DOS) vulnerability in table partitioning (PMASA-2016-68) - Multiple SQL injection vulnerabilities (PMASA-2016-69 ) - Incorrect serialized string parsing (PMASA-2016-70) - CSRF token not stripped from the URL (PMASA-2016-71) The following bugfix changes are included: - Fix for expanding in navigation pane - Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies) - Fix editing of ENUM/SET/DECIMAL field structures - Improvements to the parser </description> <summary>Security update for phpMyAdmin</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor