| Summary: | phpmyadmin new security issue CVE-2018-12581 | | |
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | major | | |
| Priority: | Normal | CC: | davidwhodgins, herman.viaene, sysadmin-bugs, wilcal.int |
| Version: | 6 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | MGA6-32-OK MGA6-64-OK | | |
| Source RPM: | phpmyadmin-4.7.8-1.mga6.src.rpm | CVE: | |
| Status comment: | Fixed upstream in 4.8.2 | | |
Description
David Walser
2018-06-24 23:12:22 CEST
openSUSE has issued an advisory for this on June 23:
https://lists.opensuse.org/opensuse-updates/2018-06/msg00129.html

Status comment: (none) => Fixed upstream in 4.8.2

Hmm. I have to have a closer look at this. 4.8.x has some major changes. Since this is only moderate, maybe we won't fix it.

Moderate doesn't mean not important, and if 4.8.x is all that's supported, then it is what it is.

Updated phpmyadmin package fixes security vulnerability:

A Cross-Site Scripting vulnerability was found in the Designer feature, where an attacker can deliver a payload to a user through a specially-crafted database name.

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12581
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-4.7.8-2.mga6.noarch.rpm

Source RPMs:
phpmyadmin-4.7.8-2.mga6.src.rpm
Marc Krämer
2018-06-27 02:08:47 CEST
Assignee: mageia => qa-bugs

Hmmm, I have already version 4.8.0.1 installed on this laptop and as far as I can see in MCC this is an officially supported version. We are not going backwards???

CC: (none) => herman.viaene

In VirtualBox, M6, MATE, 32-bit

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.7.8-1.mga6.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.1.33-1.mga6.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.7.8-2.mga6.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
I can access db's test01 & test02

CC: (none) => wilcal.int
William Kenney
2018-06-29 22:14:24 CEST
Whiteboard: (none) => MGA6-32-OK

In VirtualBox, M6, MATE, 64-bit

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.7.8-1.mga6.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.1.33-1.mga6.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.7.8-2.mga6.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
I can access db's test01 & test02
William Kenney
2018-06-29 22:33:24 CEST
Whiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Dave Hodgins
2018-06-30 04:29:56 CEST
Keywords: (none) => advisory

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0304.html

Status: NEW => RESOLVED