Описание
Security update for phpMyAdmin
This update for phpMyAdmin fixes the following issues:
phpMyAdmin was updated to 4.9.2:
- CVE-2019-18622: SQL injection in Designer feature (boo#1157614)
- Fixes for 'Failed to set session cookie' error
- Advisor with MySQL 8.0.3 and newer
- Fix PHP deprecation errors
- Fix a situation where exporting users after a delete query could remove users
- Fix incorrect 'You do not have privileges to manipulate with the users!' warning
- Fix copying a database's privileges and several other problems moving columns with MariaDB
- Fix for phpMyAdmin not selecting all the values when using shift-click to select during Export
Список пакетов
SUSE Package Hub 12
phpMyAdmin-4.9.2-bp151.3.9.1
SUSE Package Hub 15
phpMyAdmin-4.9.2-bp151.3.9.1
SUSE Package Hub 15 SP1
phpMyAdmin-4.9.2-bp151.3.9.1
openSUSE Leap 15.0
phpMyAdmin-4.9.2-bp151.3.9.1
openSUSE Leap 15.1
phpMyAdmin-4.9.2-bp151.3.9.1
Ссылки
- E-Mail link for openSUSE-SU-2019:2599-1
- SUSE Security Ratings
- SUSE Bug 1157614
- SUSE CVE CVE-2019-18622 page
Описание
An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature.
Затронутые продукты
SUSE Package Hub 12:phpMyAdmin-4.9.2-bp151.3.9.1
SUSE Package Hub 15 SP1:phpMyAdmin-4.9.2-bp151.3.9.1
SUSE Package Hub 15:phpMyAdmin-4.9.2-bp151.3.9.1
openSUSE Leap 15.0:phpMyAdmin-4.9.2-bp151.3.9.1
Ссылки
- CVE-2019-18622
- SUSE Bug 1157614
- SUSE Bug 1158801