openSUSE Security Update : phpMyAdmin (openSUSE-2016-1027)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This phpMyAdmin update to version 4.4.15.8 fixes the following
issues :

Security issues fixed :

- Improve session cookie code for openid.php and
signon.php example files

- Full path disclosure in openid.php and signon.php
example files

- Unsafe generation of BlowfishSecret (when not supplied
by the user)

- Referrer leak when phpinfo is enabled

- Use HTTPS for wiki links

- Improve SSL certificate handling

- Fix full path disclosure in debugging code

- Administrators could trigger SQL injection attack
against users

- Weaknesses with cookie encryption see PMASA-2016-29
(CVE-2016-6606, CWE-661)

- Multiple XSS vulnerabilities see PMASA-2016-30
(CVE-2016-6607, CWE-661)

- Multiple XSS vulnerabilities see PMASA-2016-31
(CVE-2016-6608, CWE-661)

- PHP code injection see PMASA-2016-32 (CVE-2016-6609,
CWE-661)

- Full path disclosure see PMASA-2016-33 (CVE-2016-6610,
CWE-661)

- SQL injection attack see PMASA-2016-34 (CVE-2016-6611,
CWE-661)

- Local file exposure through LOAD DATA LOCAL INFILE see
PMASA-2016-35 (CVE-2016-6612, CWE-661)

- Local file exposure through symlinks with UploadDir see
PMASA-2016-36 (CVE-2016-6613, CWE-661)

- Path traversal with SaveDir and UploadDir see
PMASA-2016-37 (CVE-2016-6614, CWE-661)

- Multiple XSS vulnerabilities see PMASA-2016-38
(CVE-2016-6615, CWE-661)

- SQL injection vulnerability as control user see
PMASA-2016-39 (CVE-2016-6616, CWE-661)

- SQL injection vulnerability see PMASA-2016-40
(CVE-2016-6617, CWE-661)

- Denial-of-service attack through transformation feature
see PMASA-2016-41 (CVE-2016-6618, CWE-661)

- SQL injection vulnerability as control user see
PMASA-2016-42 (CVE-2016-6619, CWE-661)

- Verify data before unserializing see PMASA-2016-43
(CVE-2016-6620, CWE-661)

- SSRF in setup script see PMASA-2016-44 (CVE-2016-6621,
CWE-661)

- Denial-of-service attack with
$cfg['AllowArbitraryServer'] = true and persistent
connections see PMASA-2016-45 (CVE-2016-6622, CWE-661)

- Denial-of-service attack by using for loops see
PMASA-2016-46 (CVE-2016-6623, CWE-661)

- Possible circumvention of IP-based allow/deny rules with
IPv6 and proxy server see PMASA-2016-47 (CVE-2016-6624,
CWE-661)

- Detect if user is logged in see PMASA-2016-48
(CVE-2016-6625, CWE-661)

- Bypass URL redirection protection see PMASA-2016-49
(CVE-2016-6626, CWE-661)

- Referrer leak see PMASA-2016-50 (CVE-2016-6627, CWE-661)

- Reflected File Download see PMASA-2016-51
(CVE-2016-6628, CWE-661)

- ArbitraryServerRegexp bypass see PMASA-2016-52
(CVE-2016-6629, CWE-661)

- Denial-of-service attack by entering long password see
PMASA-2016-53 (CVE-2016-6630, CWE-661)

- Remote code execution vulnerability when running as CGI
see PMASA-2016-54 (CVE-2016-6631, CWE-661)

- Denial-of-service attack when PHP uses dbase extension
see PMASA-2016-55 (CVE-2016-6632, CWE-661)

- Remove tode execution vulnerability when PHP uses dbase
extension see PMASA-2016-56 (CVE-2016-6633, CWE-661)

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=994313

Solution :

Update the affected phpMyAdmin package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)