phpMyAdmin 4.8.5 has been released today (January 26), fixing security issues: https://www.phpmyadmin.net/news/2019/1/26/security-fix-phpmyadmin-485-released/ https://www.phpmyadmin.net/security/PMASA-2019-1/ https://www.phpmyadmin.net/security/PMASA-2019-2/ Mageia 6 is also affected.
Whiteboard: (none) => MGA6TOO
Suggested advisory: ======================== Updated phpmyadmin packages fix security vulnerabilities: - Possible SQL injection in Designer feature - When AllowArbitraryServer configuration set to true, with the use of a rogue MySQL server, an attacker can read any file on the server that the web server's user can access. References: https://www.phpmyadmin.net/security/PMASA-2019-1/ https://www.phpmyadmin.net/security/PMASA-2019-2/ Updated packages in core/updates_testing: ======================== phpmyadmin-4.7.8-4.mga6 SRPM: phpmyadmin-4.7.8-4.mga6.src.rpm
Whiteboard: MGA6TOO => (none)CC: (none) => mageiaVersion: Cauldron => 6Assignee: php => qa-bugs
MGA6-32 MATE on IBM Thinkpad R50e No installation issues, apart from the fact that mysql was not yet installed. I had to initiate this installation. At CLI: # systemctl start httpd # systemctl start mysqld # mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. etc .... to get a working mysql Then run phpmyadmin in the browser, create a new database and a new table with PK and unique key. All OK.
CC: (none) => herman.viaeneWhiteboard: (none) => MGA6-32-OK
Installed and tested without issues. Tests included: - Browsing databases, tables and data; - Creating a test table; - Inserting, updating and deleting rows; - Executing several SQL queries; System: Mageia 6, x86_64, Apache, MariaDB, Intel CPU. $ uname -a Linux marte 4.14.89-desktop-1.mga6 #1 SMP Mon Dec 17 13:14:48 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux $ rpm -q apache ; rpm -q mariadb apache-2.4.37-1.2.mga6 mariadb-10.1.37-1.mga6
CC: (none) => mageiaWhiteboard: MGA6-32-OK => MGA6-32-OK MGA6-64-OK
Thank you both for the quick work. Hard to keep up...
Keywords: (none) => advisory, validated_updateCC: (none) => lewyssmith, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0057.html
Resolution: (none) => FIXEDStatus: NEW => RESOLVED