Bug 26372

Summary: phpmyadmin new security issues CVE-2020-1080[2-4]
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: QA Team <qa-bugs>
Status: RESOLVED FIXED
QA Contact: Sec team <security>
Severity: major
Priority: Normal
CC: andrewsfarm, davidwhodgins, herman.viaene, sysadmin-bugs, tmb
Version: 7
Keywords: advisory, validated_update
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA7-64-OK
Source RPM: phpmyadmin-4.9.4-1.mga7.src.rpm
CVE:
Status comment:

David Walser 2020-03-22 17:04:08 CET

Whiteboard: (none) => MGA7TOO

Comment 1 Marc Krämer 2020-03-23 21:21:24 CET
Updated phpmyadmin packages fix security vulnerabilities:

Some SQL injections via table names and parameters were fixed.
 

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10802
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10803
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10804
https://www.phpmyadmin.net/news/2020/3/21/phpmyadmin-495-and-502-are-released/
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-4.9.5-1.mga7.noarch.rpm


SRPM:
phpmyadmin-4.9.5-1.mga7.src.rpm

Assignee: mageia => qa-bugs

Thomas Backlund 2020-03-24 17:57:03 CET

Version: Cauldron => 7
Whiteboard: MGA7TOO => (none)
CC: (none) => tmb

Comment 2 David Walser 2020-03-24 23:43:03 CET
Debian has issued an advisory for this on March 22:
https://www.debian.org/lts/security/2020/dla-2154

Source RPM: phpmyadmin-5.0.1-2.mga8.src.rpm, phpmyadmin-4.9.4-1.mga7.src.rpm => phpmyadmin-4.9.4-1.mga7.src.rpm

Comment 3 Herman Viaene 2020-03-25 11:08:47 CET
MGA7-64 Plasma on Lenovo B50
No installation issues
Tested by connection to existing mysql installation, created a new database in it, created a new table with two indexes, added a row of data, deleted the table and the database, all worked OK.
Good for me.

CC: (none) => herman.viaene
Whiteboard: (none) => MGA7-64-OK

Comment 4 Thomas Andrews 2020-03-25 16:29:06 CET
Validating. Advisory information in Comment 1.

Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs

Dave Hodgins 2020-03-31 23:22:28 CEST

CC: (none) => davidwhodgins
Keywords: (none) => advisory

Comment 5 Mageia Robot 2020-04-01 03:58:30 CEST
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2020-0150.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED