Description
Security update for phpMyAdmin
This update for phpMyAdmin to version 4.8.5 fixes the following issues:
Security issues fixed:
- CVE-2019-6799: Fixed an arbitrary file read vulnerability (boo#1123272)
- CVE-2019-6798: Fixed a SQL injection in the designer interface (boo#1123271)
Other changes:
- Fix export to SQL format not available
- Fix QR code not shown when adding two-factor authentication to a user account
- Fix issue with adding a new user in MySQL 8.0.11 and newer
- Fix frozen interface relating to Text_Plain_Sql plugin
- Fix missing table level operations tab
Package list
SUSE Package Hub 12
phpMyAdmin-4.8.5-bp150.3.9.1
SUSE Package Hub 15
phpMyAdmin-4.8.5-bp150.3.9.1
openSUSE Leap 15.0
phpMyAdmin-4.8.5-bp150.3.9.1
References
- E-Mail link for openSUSE-SU-2019:0194-1
- SUSE Security Ratings
- SUSE Bug 1123271
- SUSE Bug 1123272
- SUSE CVE CVE-2019-6798 page
- SUSE CVE CVE-2019-6799 page
Description
An issue was discovered in phpMyAdmin before 4.8.5. A vulnerability was reported where a specially crafted username can be used to trigger a SQL injection attack through the designer feature.
Affected products
SUSE Package Hub 12:phpMyAdmin-4.8.5-bp150.3.9.1
SUSE Package Hub 15:phpMyAdmin-4.8.5-bp150.3.9.1
openSUSE Leap 15.0:phpMyAdmin-4.8.5-bp150.3.9.1
References
- CVE-2019-6798
- SUSE Bug 1123271
Description
An issue was discovered in phpMyAdmin before 4.8.5. When the AllowArbitraryServer configuration setting is set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration, and the inadvertent ignoring of "options(MYSQLI_OPT_LOCAL_INFILE" calls.
Affected products
SUSE Package Hub 12:phpMyAdmin-4.8.5-bp150.3.9.1
SUSE Package Hub 15:phpMyAdmin-4.8.5-bp150.3.9.1
openSUSE Leap 15.0:phpMyAdmin-4.8.5-bp150.3.9.1
References
- CVE-2019-6799
- SUSE Bug 1123272