Fedora 27 : php-phpmyadmin-motranslator / php-phpmyadmin-sql-parser / etc (2018-a1650ed14f)

medium Nessus Plugin ID 107010

Synopsis

The remote Fedora host is missing one or more security updates.

Description

From upstream announcement :

**Security fix: phpMyAdmin 4.7.8 is released**

Welcome to phpMyAdmin 4.7.8, a security release also containing regular maintenance bug fixes.

The security fix relates to a self-XSS vulnerability in the central columns feature that is reported as PMASA-2018-1 https://www.phpmyadmin.net/security/PMASA-2018-1/. Thanks to Mayur Udiniya https://www.linkedin.com/in/mayur-udiniya-09247b129/ for finding and responsibly disclosing this flaw.

We recommend all users upgrade to resolve this security problem.

A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.

Notable changes since 4.7.7 :

- Fixed error handling with PHP 7.2

- Fixed resetting default setting values

- Fixed fallback value for collation connection

Additionally, there have been continuous improvements to many of the translations. If you don't see your language or find a problem, you can contribute too; see https://www.phpmyadmin.net/translate/ for details.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser and / or phpMyAdmin packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2018-a1650ed14f

https://www.linkedin.com/in/mayur-udiniya-09247b129/

https://www.phpmyadmin.net/security/PMASA-2018-1/

https://www.phpmyadmin.net/translate/

Plugin Details

Severity: Medium

ID: 107010

File Name: fedora_2018-a1650ed14f.nasl

Version: 3.6

Type: local

Agent: unix

Published: 2/27/2018

Updated: 1/6/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.8

CVSS v2

Risk Factor: Low

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php-phpmyadmin-motranslator, p-cpe:/a:fedoraproject:fedora:php-phpmyadmin-sql-parser, p-cpe:/a:fedoraproject:fedora:phpmyadmin, cpe:/o:fedoraproject:fedora:27

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2/26/2018

Vulnerability Publication Date: 2/21/2018

Reference Information

CVE: CVE-2018-7260