Bug 1177562 - (CVE-2020-26935) VUL-0: CVE-2020-26935: phpMyAdmin: SQL injection vulnerability in SearchController (PMASA-2020-6)
Status: RESOLVED FIXED
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Version: Leap 15.2
Hardware: Other Other
Priority: P3 - Medium
Severity: Normal
Assigned To: Eric Schirra
QA Contact: Security Team bot
Reported: 2020-10-11 20:09 UTC by Andreas Stieger
Modified: 2020-11-01 17:17 UTC
Found By: Security Response Team
Description Andreas Stieger 2020-10-11 20:09:29 UTC
An SQL injection vulnerability was discovered in how phpMyAdmin processes SQL statements in the search feature. An attacker could use this flaw to inject malicious SQL into a query.

References:
https://www.phpmyadmin.net/security/PMASA-2020-6/
https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8c4109869d38d2
Comment 1 Eric Schirra 2020-10-12 07:02:28 UTC
Maintenance request is done.
Comment 2 OBSbugzilla Bot 2020-10-12 07:30:23 UTC
This is an autogenerated message for OBS integration:
This bug (1177562) was mentioned in
https://build.opensuse.org/request/show/841140 15.1+15.2+Backports:SLE-12+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / phpMyAdmin
Comment 3 OBSbugzilla Bot 2020-10-12 10:10:11 UTC
This is an autogenerated message for OBS integration:
This bug (1177562) was mentioned in
https://build.opensuse.org/request/show/841237 15.1+15.2+Backports:SLE-12+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / phpMyAdmin
Comment 4 OBSbugzilla Bot 2020-10-16 08:50:12 UTC
This is an autogenerated message for OBS integration:
This bug (1177562) was mentioned in
https://build.opensuse.org/request/show/842058 15.1+15.2+Backports:SLE-12+Backports:SLE-15-SP1+Backports:SLE-15-SP2 / phpMyAdmin
Comment 5 Andreas Stieger 2020-10-16 08:50:33 UTC
4.9.6 has a regression, please use 4.9.7
https://build.opensuse.org/request/show/842056
https://build.opensuse.org/request/show/842058
Comment 6 Swamp Workflow Management 2020-10-16 16:16:22 UTC
openSUSE-SU-2020:1675-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1177561,1177562
CVE References: CVE-2020-26934,CVE-2020-26935
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    phpMyAdmin-4.9.6-lp152.2.3.1
openSUSE Leap 15.1 (src):    phpMyAdmin-4.9.6-lp151.2.18.1
openSUSE Backports SLE-15-SP2 (src):    phpMyAdmin-4.9.6-bp152.2.3.1
openSUSE Backports SLE-15-SP1 (src):    phpMyAdmin-4.9.6-bp151.3.18.1
Comment 7 Swamp Workflow Management 2020-10-16 16:18:30 UTC
openSUSE-SU-2020:1675-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1177561,1177562
CVE References: CVE-2020-26934,CVE-2020-26935
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    phpMyAdmin-4.9.6-lp152.2.3.1
openSUSE Leap 15.1 (src):    phpMyAdmin-4.9.6-lp151.2.18.1
openSUSE Backports SLE-15-SP2 (src):    phpMyAdmin-4.9.6-bp152.2.3.1
openSUSE Backports SLE-15-SP1 (src):    phpMyAdmin-4.9.6-bp151.3.18.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    phpMyAdmin-4.9.6-46.1
Comment 8 Andreas Stieger 2020-10-18 09:34:25 UTC
done
Comment 9 OBSbugzilla Bot 2020-10-21 17:30:31 UTC
This is an autogenerated message for OBS integration:
This bug (1177562) was mentioned in
https://build.opensuse.org/request/show/843257 15.1+Backports:SLE-12+Backports:SLE-15+Backports:SLE-15-SP1 / phpMyAdmin
Comment 10 Swamp Workflow Management 2020-11-01 17:15:57 UTC
openSUSE-SU-2020:1806-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1167335,1167336,1167337,1177561,1177562,1177842
CVE References: CVE-2020-10802,CVE-2020-10803,CVE-2020-10804,CVE-2020-26934,CVE-2020-26935
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    phpMyAdmin-4.9.7-lp151.2.24.1
openSUSE Backports SLE-15-SP1 (src):    phpMyAdmin-4.9.7-bp151.3.24.1
openSUSE Backports SLE-15 (src):    phpMyAdmin-4.9.7-bp150.43.1
Comment 11 Swamp Workflow Management 2020-11-01 17:17:24 UTC
openSUSE-SU-2020:1806-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1167335,1167336,1167337,1177561,1177562,1177842
CVE References: CVE-2020-10802,CVE-2020-10803,CVE-2020-10804,CVE-2020-26934,CVE-2020-26935
JIRA References: 
Sources used:
openSUSE Leap 15.1 (src):    phpMyAdmin-4.9.7-lp151.2.24.1
openSUSE Backports SLE-15-SP1 (src):    phpMyAdmin-4.9.7-bp151.3.24.1
openSUSE Backports SLE-15 (src):    phpMyAdmin-4.9.7-bp150.43.1
SUSE Package Hub for SUSE Linux Enterprise 12 (src):    phpMyAdmin-4.9.7-52.1