openSUSE-SU-2016:0067-1

Опубликовано: 11 янв. 2016

Источник: suse-cvrf

Описание

Security update for phpMyAdmin

phpMyAdmin was updated to 4.4.15.2 to fix one security issue and one non-security bug.

The following vulnerability was fixed:

CVE-2015-8669: It was possible to trigger phpMyAdmin to display a PHP error message which contains the full path of the directory where phpMyAdmin is installed (boo#960282)

The following bug was fixed:

boo#960854: dependency of php-json was missing

Список пакетов

openSUSE Leap 42.1

phpMyAdmin-4.4.15.2-8.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-01/msg00014.html
E-Mail link for openSUSE-SU-2016:0067-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12, 4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers to obtain sensitive information via a crafted request, which reveals the full path in an error message.

Затронутые продукты

openSUSE Leap 42.1:phpMyAdmin-4.4.15.2-8.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-8669.html
CVE-2015-8669
https://bugzilla.suse.com/960282
SUSE Bug 960282

openSUSE-SU-2016:0067-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2015-8669

Описание

Затронутые продукты

Ссылки