Fedora 31 : phpMyAdmin (2020-a1b4afe7b5)

high Nessus Plugin ID 133014

Synopsis

The remote Fedora host is missing a security update.

Description

**Version 5.0.1** (2020-01-07)

- issue #15719 Fixed error 500 when browsing a table when $cfg['LimitChars'] used a string and not an int value

- issue #14936 Fixed NULL on numeric fields being displayed as an empty string since 5.0.0

- issue #15722 Fix get Database structure fails with PHP error on replicated server

- issue #15723 Fix can't browse certain tables since 5.0.0 update

- issue Prevent line wrap in DB structure size column

- issue Remove extra line break from downloaded blob content

- issue #15725 Fixed error 500 when exporting - set time limit when $cfg['ExecTimeLimit'] used a string and not an int value

- issue #15726 Fixed double delete icons on enum editor

- issue #15717 Fixed warning popup not disappearing on table structure when using actions without any column selection

- issue #15693 Fixed focus of active tab is lost by clicking refresh option on browse tab

- issue #15734 Fix Uncaught TypeError: http_build_query() in setup

- issue Fix double slash in path when $cfg['TempDir'] has a trailing slash

- issue #14875 Fix shp file import tests that were failing when the php dbase extension was enabled

- issue #14299 Fix JS error 'PMA_makegrid is not defined' when clicking on a table from the 'Insert' tab opened in a new tab

- issue #15351 Fixed 2FA setting removed each time the user edits another configuration setting

- issue [security] Fix SQL injection vulnerability on the user accounts page (PMASA-2020-1)

----

**Welcome to the release of phpMyAdmin version 5.0.0.**

This release includes many new features and improvements from the 4.9 series. We expect to maintain version 4 in a security capacity to support users with older PHP installations.

With this release, we are removing support of old PHP versions (5.5, 5.6, 7.0, and HHVM). These versions are outdated and are no longer supported by the PHP team.

Version 5.0 includes many coding improvements that modernize the interface. Many of these changes are transparent to users, but make the code easier to maintain. Much of this refactoring work is completed by our contract developer, Maurício Meneghini Fauth.

Some of the changes and new features include:

- Enable column names by default for CSV exports

- Add Metro theme

- Automatically add the index when creating an auto increment column

- Improvements to exporting views

- Prompt the user for confirmation before running an UPDATE query with no WHERE clause

- Improvements to how errors are shown to the user (including allowing easier copying of the error text to the clipboard)

- Added keystrokes to clear the line (ctrl+l) and clear the entire console window (ctrl+u)

- Use charset 'windows-1252' when export format is MS Excel

There are several more changes; please refer to the ChangeLog file included with the release for full details.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected phpMyAdmin package.

See Also

https://bodhi.fedoraproject.org/updates/FEDORA-2020-a1b4afe7b5

Plugin Details

Severity: High

ID: 133014

File Name: fedora_2020-a1b4afe7b5.nasl

Version: 1.1

Type: local

Agent: unix

Published: 1/17/2020

Updated: 1/17/2020

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:phpmyadmin, cpe:/o:fedoraproject:fedora:31

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 1/17/2020

Vulnerability Publication Date: 1/17/2020

Reference Information