Package "phpmyadmin"
Name: |
phpmyadmin
|
Description: |
MySQL web administration tool
|
Latest version: |
4:4.6.6-5ubuntu0.5 |
Release: |
bionic (18.04) |
Level: |
updates |
Repository: |
universe |
Homepage: |
https://www.phpmyadmin.net/ |
Links
Download "phpmyadmin"
Other versions of "phpmyadmin" in Bionic
Changelog
phpmyadmin (4:4.6.6-5ubuntu0.5) bionic-security; urgency=medium
* SECURITY UPDATE: Cross-site scripting (XSS)
- debian/patches/CVE-2020-26934.patch: make sure where_clause is not
modified
- debian/patches/fix-tests-for-CVE-2020-26934-and-CVE-2020-26935.patch:
Fix failing tests
- debian/patches/CVE-2018-7260.patch: Fix XSS vulnerability in central
columns feature
- debian/patches/CVE-2018-19970.patch: Fix stored Cross-Site Scripting
(XSS) in navigation tree.
- CVE-2020-26934
- CVE-2018-7260
- CVE-2018-19970
* SECURITY UPDATE: Cross-site request forgery (CSRF)
- debian/patches/CVE-2019-12616.patch: Retrieve parameters from $_POST
in AuthenticationCookie.
- debian/patches/fix-tests-for-CVE-2019-12616.patch: Fix tests for
CVE-2019-12616
* SECURITY UPDATE: SQL Injection
- debian/patches/CVE-2020-26935.patch: Check where clause signature in
TableSearchController
- debian/patches/CVE-2019-6798.patch: SQL injection in Designer
- debian/patches/CVE-2019-11768.patch: Fix escape database name when
saving page on designer.
- debian/patches/CVE-2020-5504.patch: escape username in the query
- debian/patches/CVE-2020-10804: escape username, password, and hostname
- debian/patches/CVE-2020-10802: Use Util::backquote in getDataRowAction
- debian/patches/CVE-2020-10803: Add where_clause check in
tbl_get_field.php
- debian/patches/fix-tests-for-CVE-2020-10803.patch: Fix
Display/ResultsTest errors
- CVE-2020-26935
- CVE-2019-6798
- CVE-2019-11768
- CVE-2020-5504
- CVE-2020-10804
- CVE-2020-10802
- CVE-2020-10803
* SECURITY UPDATE: Sensitive information exposure
- debian/patches/CVE-2018-19968.patch: Remove transform plugin includes
- debian/patches/CVE-2019-6799.patch: Prevent arbitrary file read by
the webserver
- CVE-2018-19968
- CVE-2019-6799
* FTBFS: PHPUnit namespace discrepancy
- debian/patches/fix-tests-bionic.patch: The version of PHPUnit packaged
with bionic is not compatible with these unit tests. Some minor namespace
tweaks were needed in order to get the test suite to run. One test case
provided by rulesProvider for testAddRules() was disabled.
-- Mike Salvatore <email address hidden> Tue, 17 Nov 2020 19:16:01 -0500
|
CVE-2020-26934 |
phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link. |
CVE-2020-26935 |
An issue was discovered in SearchController in phpMyAdmin before 4.9.6 and 5.x before 5.0.3. A SQL injection vulnerability was discovered in how phpM |
CVE-2018-7260 |
Cross-site scripting (XSS) vulnerability in db_central_columns.php in phpMyAdmin before 4.7.8 allows remote authenticated users to inject arbitrary w |
CVE-2018-19970 |
In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafte |
CVE-2019-12616 |
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin u |
CVE-2019-6798 |
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL inje |
CVE-2019-11768 |
An issue was discovered in phpMyAdmin before 4.9.0.1. A vulnerability was reported where a specially crafted database name can be used to trigger an |
CVE-2020-5504 |
In phpMyAdmin 4 before 4.9.4 and 5 before 5.0.1, SQL injection exists in the user accounts page. A malicious user could inject custom SQL in place of |
CVE-2020-10804 |
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was found in retrieval of the current username (in libraries/class |
CVE-2020-10802 |
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability has been discovered where certain parameters are not properly esca |
CVE-2020-10803 |
In phpMyAdmin 4.x before 4.9.5 and 5.x before 5.0.2, a SQL injection vulnerability was discovered where malicious code could be used to trigger an XS |
CVE-2018-19968 |
An attacker can exploit phpMyAdmin before 4.8.4 to leak the contents of a local file because of an error in the transformation feature. The attacker |
CVE-2019-6799 |
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL |
|
About
-
Send Feedback to @ubuntu_updates