| Summary: | phpmyadmin new security issue CVE-2020-5504 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | mageia, sysadmin-bugs, tmb |
| Version: | 7 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA7-64-OK | ||
| Source RPM: | phpmyadmin-4.9.3-1.mga7.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2020-01-08 15:17:42 CET
Updated phpmyadmin package fix security vulnerability: A SQL injection flaw has been discovered in the user accounts page. A malicious user could inject custom SQL in place of their own username when creating queries to this page. An attacker must have a valid MySQL account to access the server. References: https://www.phpmyadmin.net/news/2020/1/8/phpmyadmin-494-and-501-are-released/ https://www.phpmyadmin.net/security/PMASA-2020-1/ ======================== Updated packages in core/updates_testing: ======================== phpmyadmin-4.9.4-1.mga7.noarch.rpm Source RPMs: phpmyadmin-4.9.4-1.mga7.src.rpm Assignee:
mageia =>
qa-bugs Installed and tested without issues. Tested local and remote servers. No regressions. System: Mageia 7, x86_64, Apache, MariaDB, Firefox, Chromium, Intel CPU. $ uname -a Linux marte 5.4.6-desktop-2.mga7 #1 SMP Mon Dec 23 12:05:27 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q phpmyadmin apache mariadb phpmyadmin-4.9.4-1.mga7 apache-2.4.41-1.2.mga7 mariadb-10.3.20-1.mga7 CC:
(none) =>
mageia
PC LX
2020-01-09 13:05:42 CET
Whiteboard:
(none) =>
MGA7-64-OK
Thomas Backlund
2020-01-11 23:39:48 CET
Keywords:
(none) =>
advisory, validated_update An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2020-0033.html Status:
NEW =>
RESOLVED |