Bugzilla – Bug 994313
VUL-0: phpMyAdmin 4.0.10.17, 4.4.15.8, and 4.6.4 releases
Last modified: 2018-02-20 07:00:39 UTC
tracker bug for August release of phpMyAdmin https://www.phpmyadmin.net/news/2016/8/16/phpmyadmin-401017-44158-and-464-are-released/ The phpMyAdmin team announces the release of versions 4.0.10.17 (security fixes), 4.4.15.8 (security fixes), and 4.6.4 (security and bug fixes). These release includes many security fixes of various levels of severity. We recommend all users upgrade to this release immediately. For full information on the vulnerabilities fixed and mitigation factors for users who are unable to upgrade, refer to the ChangeLog file included with this release and the security announcements at https://www.phpmyadmin.net/security/. Aside from the security fixes, bugs have been fixed in version 4.6.4 affecting: Create view when no view name specified Changing a password Fix deleting of users with non-English locales Fixed password change on MariaDB without auth plugin and more the phpMyAdmin team
https://www.phpmyadmin.net/security/PMASA-2016-56/ PMASA-2016-56 Announcement-ID: PMASA-2016-56 Date: 2016-07-25 Summary Remote code execution vulnerability when PHP is running with dbase extension Description A vulnerability was discovered where phpMyAdmin can be used to trigger a remote code execution attack against certain PHP installations. Severity We consider this vulnerability to be critical. Mitigation factor This vulnerability only exists when PHP is running with the dbase extension, which is not shipped by default, not available in most Linux distributions, and doesn't compile with PHP7. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6633 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 378c382 The following commits have been made on the 4.4 branch to fix this issue: f80a250 The following commits have been made on the 4.6 branch to fix this issue: ddeab2a
https://www.phpmyadmin.net/security/PMASA-2016-55/ PMASA-2016-55 Announcement-ID: PMASA-2016-55 Date: 2016-07-25 Summary Denial of service (DOS) attack with dbase extension Description A flaw was discovered where, under certain conditions, phpMyAdmin may not delete temporary files during the import of ESRI files. Severity We consider this vulnerability to be non-critical. Mitigation factor This vulnerability only exists when PHP is running with the dbase extension, which is not shipped by default, not available in most Linux distributions, and doesn't compile with PHP7. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6632 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 6f8eb09 The following commits have been made on the 4.4 branch to fix this issue: e31ac0b The following commits have been made on the 4.6 branch to fix this issue: 48764f2
https://www.phpmyadmin.net/security/PMASA-2016-54/ PMASA-2016-54 Announcement-ID: PMASA-2016-54 Date: 2016-07-25 Summary Remote code execution vulnerability when run as CGI Description A vulnerability was discovered where a user can execute a remote code execution attack against a server when phpMyAdmin is being run as a CGI application. Under certain server configurations, a user can pass a query string which is executed as a command-line argument by the file generator_plugin.sh. Severity We consider this vulnerability to be critical. Mitigation factor The file `/libraries/plugins/transformations/generator_plugin.sh` may be removed. Under certain server configurations, it may be sufficient to remove execute permissions for this file. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer, or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6631 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 47d00af The following commits have been made on the 4.4 branch to fix this issue: 0a3c6d3 The following commits have been made on the 4.6 branch to fix this issue: 77a4d6e
https://www.phpmyadmin.net/security/PMASA-2016-53/ Announcement-ID: PMASA-2016-53 Date: 2016-07-25 Summary Denial of service (DOS) attack by changing password to a very long string Description An authenticated user can trigger a denial-of-service (DOS) attack by entering a very long password at the change password dialog. Severity We consider this vulnerability to be serious. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6630 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: b0e6671
https://www.phpmyadmin.net/security/PMASA-2016-52/ PMASA-2016-52 Announcement-ID: PMASA-2016-52 Date: 2016-07-25 Summary ArbitraryServerRegexp bypass Description A vulnerability was reported with the $cfg['ArbitraryServerRegexp'] configuration directive. An attacker could reuse certain cookie values in a way of bypassing the servers defined by ArbitraryServerRegexp. Severity We consider this vulnerability to be critical. Mitigation factor Only servers using `$cfg['ArbitraryServerRegexp']` are vulnerable to this attack. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6629 CWE ids: CWE-661 Patches The following commits have been made on the 4.6 branch to fix this issue: a97be3a The following commits have been made on the 4.4 branch to fix this issue: cd682a6 The following commits have been made on the 4.0 branch to fix this issue: 95b7b7d
https://www.phpmyadmin.net/security/PMASA-2016-51/ PMASA-2016-51 Announcement-ID: PMASA-2016-51 Date: 2016-07-24 Summary Reflected File Download attack Description A vulnerability was discovered where an attacker may be able to trigger a user to download a specially crafted malicious SVG file. Severity We consider this issue to be of moderate severity. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6628 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: f261abb The following commits have been made on the 4.4 branch to fix this issue: a553a11 The following commits have been made on the 4.6 branch to fix this issue: 623f5b4
https://www.phpmyadmin.net/security/PMASA-2016-50/ PMASA-2016-50 Announcement-ID: PMASA-2016-50 Date: 2016-07-24 Summary Referrer leak in url.php Description A vulnerability was discovered where an attacker can determine the phpMyAdmin host location through the file url.php. Severity We consider this to be of moderate severity. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6627 CWE ids: CWE-661 Patches The following commits have been made on the 4.6 branch to fix this issue: 67b538e The following commits have been made on the 4.4 branch to fix this issue: 5c9f25d The following commits have been made on the 4.0 branch to fix this issue: 85e1d6e
https://www.phpmyadmin.net/security/PMASA-2016-49/ PMASA-2016-49 Announcement-ID: PMASA-2016-49 Date: 2016-07-24 Summary Bypass URL redirect protection Description A vulnerability was discovered where an attacker could redirect a user to a malicious web page. Severity We consider this to be of moderate severity Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6626 CWE ids: CWE-661 Patches The following commits have been made on the 4.6 branch to fix this issue: 67d6eea The following commits have been made on the 4.4 branch to fix this issue: 88c72dc The following commits have been made on the 4.0 branch to fix this issue: e8c5cab
https://www.phpmyadmin.net/security/PMASA-2016-48/ PMASA-2016-48 Announcement-ID: PMASA-2016-48 Date: 2016-07-24 Summary Detect if user is logged in Description A vulnerability was reported where an attacker can determine whether a user is logged in to phpMyAdmin. The user's session, username, and password are not compromised by this vulnerability. Severity We consider this vulnerability to be non-critical. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer, or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6625 CWE ids: CWE-661 Patches The following commits have been made on the 4.6 branch to fix this issue: 754c1c9 e67e692 The following commits have been made on the 4.4 branch to fix this issue: 61591c4 The following commits have been made on the 4.0 branch to fix this issue: eec1440 More information For further information and in case of questions, please contact the phpMyAdmin team. Our website is phpmyadmin.net.
https://www.phpmyadmin.net/security/PMASA-2016-47/ PMASA-2016-47 Announcement-ID: PMASA-2016-47 Date: 2016-07-21 Summary IPv6 and proxy server IP-based authentication rule circumvention Description A vulnerability was discovered where, under certain circumstances, it may be possible to circumvent the phpMyAdmin IP-based authentication rules. When phpMyAdmin is used with IPv6 in a proxy server environment, and the proxy server is in the allowed range but the attacking computer is not allowed, this vulnerability can allow the attacking computer to connect despite the IP rules. Severity We consider this vulnerability to be serious Mitigation factor * The phpMyAdmin installation must be running with IP-based allow/deny rules * The phpMyAdmin installation must be running behind a proxy server (or proxy servers) where the proxy server is "allowed" and the attacker is "denied" * The connection between the proxy server and phpMyAdmin must be via IPv6 Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6624 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 4440790 The following commits have been made on the 4.4 branch to fix this issue: e291300 The following commits have been made on the 4.6 branch to fix this issue: 6aacd7d
https://www.phpmyadmin.net/security/PMASA-2016-46/ PMASA-2016-46 Announcement-ID: PMASA-2016-46 Date: 2016-07-26 Summary Denial of service (DOS) attack by for loops Description A vulnerability has been reported where a malicious authorized user can cause a denial-of-service (DOS) attack on a server by passing large values to a loop. Severity We consider this issue to be of moderate severity. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6623 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 5a28b63 The following commits have been made on the 4.4 branch to fix this issue: 62ae47c The following commits have been made on the 4.6 branch to fix this issue: ff1016e
https://www.phpmyadmin.net/security/PMASA-2016-45/ PMASA-2016-45 Announcement-ID: PMASA-2016-45 Date: 2016-07-21 Summary DOS attack with forced persistent connections Description A vulnerability was discovered where an unauthenticated user is able to execute a denial-of-service (DOS) attack by forcing persistent connections when phpMyAdmin is running with $cfg['AllowArbitraryServer']=true;. Severity We consider this vulnerability to be critical, although note that phpMyAdmin is not vulnerable by default. Mitigation factor This attack requires phpMyAdmin to be configured with`$cfg['AllowArbitraryServer']=true;` Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected. Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6622 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 8e0918c The following commits have been made on the 4.4 branch to fix this issue: 10bdb0d The following commits have been made on the 4.6 branch to fix this issue: 767195e
(44 is missing on the webpage)
https://www.phpmyadmin.net/security/PMASA-2016-43/ PMASA-2016-43 Announcement-ID: PMASA-2016-43 Date: 2016-07-15 Summary Unvalidated data passed to unserialize() Description A vulnerability was reported where some data is passed to the PHP unserialize() function without verification that it's valid serialized data. Due to how the PHP function operates, Unserialization can result in code being loaded and executed due to object instantiation and autoloading, and a malicious user may be able to exploit this. Therefore, a malicious user may be able to manipulate the stored data in a way to exploit this weakness. Severity We consider this vulnerability to be moderately severe. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6620 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 80c9302 The following commits have been made on the 4.4 branch to fix this issue: 2104fb6 The following commits have been made on the 4.6 branch to fix this issue: ba072e4
https://www.phpmyadmin.net/security/PMASA-2016-42/ PMASA-2016-42 Announcement-ID: PMASA-2016-42 Date: 2016-07-15 Summary SQL injection attack as control user Description A vulnerability was discovered in the user interface preference feature where a user can execute an SQL injection attack against the account of the control user. Severity We consider this vulnerability to be serious. Mitigation factor The server must have a control user account created in MySQL and configured in phpMyAdmin; installations without a control user are not vulnerable. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6619 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 8ac57b1 The following commits have been made on the 4.4 branch to fix this issue: b49dba4 The following commits have been made on the 4.6 branch to fix this issue: 7ef96c5
https://www.phpmyadmin.net/security/PMASA-2016-41/ PMASA-2016-41 Announcement-ID: PMASA-2016-41 Date: 2016-07-14 Summary Denial of service (DOS) attack in transformation feature Description A vulnerability was found in the transformation feature allowing a user to trigger a denial-of-service (DOS) attack against the server. Severity We consider this vulnerability to be non-critical Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6618 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: ff88cdb The following commits have been made on the 4.4 branch to fix this issue: 2582fa1 The following commits have been made on the 4.6 branch to fix this issue: 551031d
https://www.phpmyadmin.net/security/PMASA-2016-40/ PMASA-2016-40 Announcement-ID: PMASA-2016-40 Date: 2016-07-14 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this vulnerability to be serious Affected Versions All 4.6.x versions (prior to 4.6.4) are affected Solution Upgrade to phpMyAdmin 4.6.4 or newer, or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6617 CWE ids: CWE-661 Patches The following commits have been made on the 4.6 branch to fix this issue: ceeef53
https://www.phpmyadmin.net/security/PMASA-2016-39/ PMASA-2016-39 Announcement-ID: PMASA-2016-39 Date: 2016-07-14 Summary SQL injection attack Description A vulnerability was discovered in the following features where a user can execute an SQL injection attack against the account of the control user: User group Designer Severity We consider this vulnerability to be serious. Mitigation factor The server must have a control user account created in MySQL and configured in phpMyAdmin; installations without a control user are not vulnerable. Affected Versions All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting these vulnerabilities. Assigned CVE ids: CVE-2016-6616 CWE ids: CWE-661 Patches The following commits have been made on the 4.4 branch to fix this issue: 93a6913 5d427d6 5d427d6 The following commits have been made on the 4.6 branch to fix this issue: 9f11a0e 80b03a4 80b03a4
https://www.phpmyadmin.net/security/PMASA-2016-38/ PMASA-2016-38 Announcement-ID: PMASA-2016-38 Date: 2016-07-13 Summary Multiple XSS vulnerabilities Description Multiple XSS vulnerabilities were found in the following areas: Navigation pane and database/table hiding feature. A specially-crafted database name can be used to trigger an XSS attack. The "Tracking" feature. A specially-crafted query can be used to trigger an XSS attack. GIS visualization feature. Severity We consider this vulnerability to be non-critical. Affected Versions All 4.6.x versions (prior to 4.6.4) and 4.4.x versions (prior to 4.4.15.8) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6615 CWE ids: CWE-661 Patches The following commits have been made on the 4.4 branch to fix this issue: 20db714 6e8a1c0 d0b6abf The following commits have been made on the 4.6 branch to fix this issue: 306c148 78bed3c cc7d01d
https://www.phpmyadmin.net/security/PMASA-2016-37/ PMASA-2016-37 Announcement-ID: PMASA-2016-37 Date: 2016-07-12 Summary Path traversal with SaveDir and UploadDir Description A vulnerability was reported with the %u username replacement functionality of the SaveDir and UploadDir features. When the username substitution is configured, a specially-crafted user name can be used to circumvent restrictions to traverse the file system. Severity We consider this vulnerability to be serious, however due to the mitigation factors the default state is not vulnerable. Mitigation factor 1) A system must be configured with the %u username replacement, such as `$cfg['SaveDir'] = 'SaveDir_%u';` 2) The user must be able to create a specially-crafted MySQL user, including the `/.` sequence of characters, such as `/../../` Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6614 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: c6cfb58 The following commits have been made on the 4.4 branch to fix this issue: 2989e49 The following commits have been made on the 4.6 branch to fix this issue: 5491d67
https://www.phpmyadmin.net/security/PMASA-2016-36/ PMASA-2016-36 Announcement-ID: PMASA-2016-36 Date: 2016-07-12 Summary Local file exposure through symlinks with UploadDir Description A vulnerability was found where a user can specially craft a symlink on disk, to a file which phpMyAdmin is permitted to read but the user is not, which phpMyAdmin will then expose to the user. Severity We consider this vulnerability to be serious, however due to the mitigation factors the default state is not vulnerable. Mitigation factor 1) The installation must be run with UploadDir configured (not the default) 2) The user must be able to create a symlink in the UploadDir 3) The user running the phpMyAdmin application must be able to read the file Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6613 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: ab05803 The following commits have been made on the 4.4 branch to fix this issue: c976baa The following commits have been made on the 4.6 branch to fix this issue: 0d57c09
https://www.phpmyadmin.net/security/PMASA-2016-35/ PMASA-2016-35 Announcement-ID: PMASA-2016-35 Date: 2016-07-12 Summary Local file exposure Description A vulnerability was discovered where a user can exploit the LOAD LOCAL INFILE functionality to expose files on the server to the database system. Severity We consider this vulnerability to be serious. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6612 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: d03954b The following commits have been made on the 4.4 branch to fix this issue: d02d61a The following commits have been made on the 4.6 branch to fix this issue: 1e6b740
https://www.phpmyadmin.net/security/PMASA-2016-34/ PMASA-2016-34 Announcement-ID: PMASA-2016-34 Date: 2016-07-12 Summary SQL injection attack Description A vulnerability was reported where a specially crafted database and/or table name can be used to trigger an SQL injection attack through the export functionality. Severity We consider this vulnerability to be serious Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6611 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 56e1350 The following commits have been made on the 4.4 branch to fix this issue: 4f8a16c The following commits have been made on the 4.6 branch to fix this issue: dc52930
https://www.phpmyadmin.net/security/PMASA-2016-33/ PMASA-2016-33 Announcement-ID: PMASA-2016-33 Date: 2016-07-12 Summary Full path disclosure Description A full path disclosure vulnerability was discovered where a user can trigger a particular error in the export mechanism to discover the full path of phpMyAdmin on the disk. Severity We consider this vulnerability to be non-critical. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6610 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 7f7a8ac The following commits have been made on the 4.4 branch to fix this issue: 5b7da18 The following commits have been made on the 4.6 branch to fix this issue: dd73213
https://www.phpmyadmin.net/security/PMASA-2016-32/ PMASA-2016-32 Announcement-ID: PMASA-2016-32 Date: 2016-07-12 Summary PHP code injection Description A vulnerability was found where a specially crafted database name could be used to run arbitrary PHP commands through the array export feature Severity We consider these vulnerabilities to be of moderate severity. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, or 4.0.10.17 or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6609 CWE ids: CWE-661 Patches The following commits have been made on the 4.6 branch to fix this issue: a82835c The following commits have been made on the 4.4 branch to fix this issue: 6b310f0 The following commits have been made on the 4.0 branch to fix this issue: 34a1ceb
https://www.phpmyadmin.net/security/PMASA-2016-31/ PMASA-2016-31 Announcement-ID: PMASA-2016-31 Date: 2016-07-11 Summary Multiple XSS vulnerabilities Description XSS vulnerabilities were discovered in: The database privilege check The "Remove partitioning" functionality Specially crafted database names can trigger the XSS attack. Severity We consider these vulnerabilities to be of moderate severity. Affected Versions All 4.6.x versions (prior to 4.6.4) are affected Solution Upgrade to phpMyAdmin 4.6.4 or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6608 CWE ids: CWE-661 Patches The following commits have been made on the 4.6 branch to fix this issue: f0f8f2b 0fad729 a32b3ce 7e510e8
https://www.phpmyadmin.net/security/PMASA-2016-30/ PMASA-2016-30 Announcement-ID: PMASA-2016-30 Date: 2016-07-07 Summary Multiple XSS vulnerabilities Description Multiple vulnerabilities have been discovered in the following areas of phpMyAdmin: Zoom search: Specially crafted column content can be used to trigger an XSS attack GIS editor: Certain fields in the graphical GIS editor at not properly escaped and can be used to trigger an XSS attack Relation view The following Transformations: Formatted Imagelink JPEG: Upload RegexValidation JPEG inline PNG inline transformation wrapper XML export MediaWiki export Designer When the MySQL server is running with a specially-crafted log_bin directive Database tab Replication feature Database search Severity We consider these vulnerabilities to be of moderate severity. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6607 CWE ids: CWE-661 Patches The following commits have been made on the 4.0 branch to fix this issue: 6cbbcdb The following commits have been made on the 4.4 branch to fix this issue: 1dc9c7d The following commits have been made on the 4.6 branch to fix this issue: cbba4f4
https://www.phpmyadmin.net/security/PMASA-2016-29/ PMASA-2016-29 Announcement-ID: PMASA-2016-29 Date: 2016-07-07 Summary Weakness with cookie encryption Description A pair of vulnerabilities were found affecting the way cookies are stored. The decryption of the username/password is vulnerable to a padding oracle attack. The can allow an attacker who has access to a user's browser cookie file to decrypt the username and password. A vulnerability was found where the same initialization vector (IV) is used to hash the username and password stored in the phpMyAdmin cookie. If a user has the same password as their username, an attacker who examines the browser cookie can see that they are the same — but the attacker can not directly decode these values from the cookie as it is still hashed. Severity We consider this to be critical. Affected Versions All 4.6.x versions (prior to 4.6.4), 4.4.x versions (prior to 4.4.15.8), and 4.0.x versions (prior to 4.0.10.17) are affected Solution Upgrade to phpMyAdmin 4.6.4, 4.4.15.8, 4.0.10.17, or newer or apply patch listed below. References Thanks to Emanuel Bronshtein @e3amn2l for reporting this vulnerability. Assigned CVE ids: CVE-2016-6606 CWE ids: CWE-661 Patches The following commits have been made on the 4.6 branch to fix this issue: a97be3a The following commits have been made on the 4.4 branch to fix this issue: cd682a6 The following commits have been made on the 4.0 branch to fix this issue: 95b7b7d
(version update is fine as usual, try to mention all CVEs)
ongoing work ...
submitted Requests for: - Factory - Leap_42.1 - 13.2
This is an autogenerated message for OBS integration: This bug (994313) was mentioned in https://build.opensuse.org/request/show/419985 13.2+42.1 / phpMyAdmin https://build.opensuse.org/request/show/419987 Factory / phpMyAdmin https://build.opensuse.org/request/show/419996 13.1 / phpMyAdmin
from ubuntu changes: - SSRF in setup script (PMASA-2016-44, CVE-2016-6621)
released
openSUSE-SU-2016:2168-1: An update that fixes 28 vulnerabilities is now available. Category: security (important) Bug References: 994313 CVE References: CVE-2016-6606,CVE-2016-6607,CVE-2016-6608,CVE-2016-6609,CVE-2016-6610,CVE-2016-6611,CVE-2016-6612,CVE-2016-6613,CVE-2016-6614,CVE-2016-6615,CVE-2016-6616,CVE-2016-6617,CVE-2016-6618,CVE-2016-6619,CVE-2016-6620,CVE-2016-6621,CVE-2016-6622,CVE-2016-6623,CVE-2016-6624,CVE-2016-6625,CVE-2016-6626,CVE-2016-6627,CVE-2016-6628,CVE-2016-6629,CVE-2016-6630,CVE-2016-6631,CVE-2016-6632,CVE-2016-6633 Sources used: openSUSE Leap 42.1 (src): phpMyAdmin-4.4.15.8-25.1 openSUSE 13.2 (src): phpMyAdmin-4.4.15.8-39.1
openSUSE-SU-2016:2176-1: An update that fixes 28 vulnerabilities is now available. Category: security (moderate) Bug References: 994313 CVE References: CVE-2016-6606,CVE-2016-6607,CVE-2016-6608,CVE-2016-6609,CVE-2016-6610,CVE-2016-6611,CVE-2016-6612,CVE-2016-6613,CVE-2016-6614,CVE-2016-6615,CVE-2016-6616,CVE-2016-6617,CVE-2016-6618,CVE-2016-6619,CVE-2016-6620,CVE-2016-6621,CVE-2016-6622,CVE-2016-6623,CVE-2016-6624,CVE-2016-6625,CVE-2016-6626,CVE-2016-6627,CVE-2016-6628,CVE-2016-6629,CVE-2016-6630,CVE-2016-6631,CVE-2016-6632,CVE-2016-6633 Sources used: openSUSE 13.1 (src): phpMyAdmin-4.4.15.8-63.1
CVE-2016-6606 CVE-2016-6607 CVE-2016-6608 CVE-2016-6609 CVE-2016-6610 CVE-2016-6611 CVE-2016-6612 CVE-2016-6613 CVE-2016-6614 CVE-2016-6615 CVE-2016-6616 CVE-2016-6617 CVE-2016-6618 CVE-2016-6619 CVE-2016-6620 CVE-2016-6621 CVE-2016-6622 CVE-2016-6623 CVE-2016-6624 CVE-2016-6625 CVE-2016-6626 CVE-2016-6627 CVE-2016-6628 CVE-2016-6629 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632 CVE-2016-6633 fixed by it