Upstream has released new versions today (February 29):
https://www.phpmyadmin.net/news/2016/2/29/phpmyadmin-401015-44155-and-4551-are-released/

Updated packages uploaded for Mageia 5 and Cauldron.

Advisory:
========================

Updated phpmyadmin package fixes security vulnerabilities:

Multiple cross-site scripting (XSS) issues in phpMyAdmin before 4.4.5.5 (CVE-2016-2560, CVE-2016-2561).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2560
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2561
https://www.phpmyadmin.net/security/PMASA-2016-11/
https://www.phpmyadmin.net/security/PMASA-2016-12/
https://www.phpmyadmin.net/files/4.4.15.5/
https://www.phpmyadmin.net/news/2016/2/29/phpmyadmin-401015-44155-and-4551-are-released/
========================

Updated packages in core/updates_testing:
========================
phpmyadmin-4.4.15.5-1.mga5

from phpmyadmin-4.4.15.5-1.mga5.src.rpm

Testing procedure:
https://bugs.mageia.org/show_bug.cgi?id=12834#c7
https://bugs.mageia.org/show_bug.cgi?id=14208#c6
Whiteboard: (none) => has_procedure
In VirtualBox, M5, KDE, 32-bit

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.4-1.mga5.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi phpmyadmin
A requested package cannot be installed:
phpmyadmin-4.4.15.5-1.mga5.noarch (due to unsatisfied pear(config.sample.inc.php))
CC: (none) => wilcal.int
Should be fixed.

Updated packages in core/updates_testing:
========================
phpmyadmin-4.4.15.5-1.1.mga5

from phpmyadmin-4.4.15.5-1.1.mga5.src.rpm
Advisory uploaded with srpm from comment 3
Whiteboard: has_procedure => has_procedure advisory
New tarball included a test directory that should not be packaged. Removed it.

Updated packages in core/updates_testing:
========================
phpmyadmin-4.4.15.5-1.2.mga5

from phpmyadmin-4.4.15.5-1.2.mga5.src.rpm

Advisory fixed in SVN too.

In VirtualBox, M5, KDE, 32-bit

install: mariadb phpmyadmin

Install and setup mariadb & phpmyadmin
In a su root terminal:
systemctl start mysqld.service
Set password to: mytest
[root@localhost wilcal]# mysqladmin -u root password
type password "mytest" twice
In Browser: localhost/phpmyadmin
user: root
PW: mytest
remember password "mytest"

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.4-1.mga5.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/ & db test01

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.i586 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
I can open db's test01 & test02

In VirtualBox, M5, KDE, 64-bit

install: mariadb phpmyadmin

Install and setup mariadb & phpmyadmin
In a su root terminal:
systemctl start mysqld.service
Set password to: mytest
[root@localhost wilcal]# mysqladmin -u root password
type password "mytest" twice
In Browser: localhost/phpmyadmin
user: root
PW: mytest
remember password "mytest"

Package(s) under test:
mariadb phpmyadmin

default install of mariadb & phpmyadmin

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.4-1.mga5.noarch is already installed

start mysqladmin, set password to "mytest"
open http://localhost/phpmyadmin/
create new database called test01. Close browser.
Successfully reopen: http://localhost/phpmyadmin/ & db test01

install phpmyadmin from updates_testing

[root@localhost wilcal]# urpmi mariadb
Package mariadb-10.0.23-1.mga5.x86_64 is already installed
[root@localhost wilcal]# urpmi phpmyadmin
Package phpmyadmin-4.4.15.5-1.2.mga5.noarch is already installed

open http://localhost/phpmyadmin/
create new database called test02. Close browser.
Successfully reopen: http://localhost/phpmyadmin/
I can open db's test01 & test02
Looks good now. Anything else David?
Good to go. Thanks.
This update works fine.
Testing complete for MGA5, 32-bit & 64-bit
Validating the update.
Could someone from the sysadmin team push to updates.
Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure advisory => has_procedure advisory MGA5-32-OK MGA5-64-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0092.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED
URL: (none) => http://lwn.net/Vulnerabilities/678631/