Fedora 27 : php-phpmyadmin-motranslator / php-phpmyadmin-sql-parser / etc (2018-a1650ed14f)

Low Nessus Plugin ID 107010

Synopsis

The remote Fedora host is missing one or more security updates.

Description

From upstream announcement :

**Security fix: phpMyAdmin 4.7.8 is released**

Welcome to phpMyAdmin 4.7.8, a security releaes also containing regular maintenance bug fixes.

The security fix relates to a self-XSS vulnerability in the central columns feature that is reported as PMASA-2018-1 https://www.phpmyadmin.net/security/PMASA-2018-1/. Thanks to Mayur Udiniya https://www.linkedin.com/in/mayur-udiniya-09247b129/ for finding and responsibly disclosing this flaw.

We recommend all users upgrade to resolve this security problem.

A complete list of new features and bugs that have been fixed is available in the ChangeLog file or changelog.php included with this release.

Notable changes since 4.7.7 :

- Fixed error handling with PHP 7.2

- Fixed resetting default setting values

- Fixed fallback value for collation connection

Additionally, there have been continuous improvements to many of the translations. If you don't see your language or find a problem, you can contribute too; see https://www.phpmyadmin.net/translate/ for details.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected php-phpmyadmin-motranslator, php-phpmyadmin-sql-parser and / or phpMyAdmin packages.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2018-a1650ed14f

https://www.linkedin.com/in/mayur-udiniya-09247b129/

https://www.phpmyadmin.net/security/PMASA-2018-1/

https://www.phpmyadmin.net/translate/

Plugin Details

Severity: Low

ID: 107010

File Name: fedora_2018-a1650ed14f.nasl

Version: 3.3

Type: local

Agent: unix

Published: 2018/02/27

Modified: 2018/03/12

Dependencies: 12634

Risk Information

Risk Factor: Low

CVSSv2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSSv3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:php-phpmyadmin-motranslator, p-cpe:/a:fedoraproject:fedora:php-phpmyadmin-sql-parser, p-cpe:/a:fedoraproject:fedora:phpMyAdmin, cpe:/o:fedoraproject:fedora:27

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 2018/02/26

Reference Information

CVE: CVE-2018-7260