openSUSE Security Update : phpMyAdmin (openSUSE-2011-94)

medium Nessus Plugin ID 74539

Synopsis

The remote openSUSE host is missing a security update.

Description

- update to 3.4.8

- bug #3425230 [interface] enum data split at space char (more space to edit)

- bug #3426840 [interface] ENUM/SET editor can't handle commas in values

- bug #3427256 [interface] no links to browse/empty views and tables

- bug #3430377 [interface] Deleted search results remain visible

- bug #3428627 [import] ODS import ignores memory limits

- bug #3426836 [interface] Visual column separation

- bug #3428065 [parser] TRUE not recognized by parser

+ patch #3433770 [config] Make location of php-gettext configurable

- patch #3430291 [import] Handle conflicts in some open_basedir situations

- bug #3431427 [display] Dropdown results - setting NULL does not work

- patch #3428764 [edit] Inline edit on multi-server configuration

- patch #3437354 [core] Notice: Array to string conversion in PHP 5.4

- [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the view name in main panel db Structure page

- bug #3439292 [core] Fail to synchronize column with name of keyword

- bug #3425156 [interface] Add column after drop

- [interface] Avoid showing the password in phpinfo()'s output

- bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8

- bug #3407235 [interface] Entering the key through a lookup window does not reset NULL

- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18

- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18

- [security] Self-XSS on column type (Create index), see PMASA-2011-18

- [security] Self-XSS on column type (table Search), see PMASA-2011-18

- [security] Self-XSS on invalid query (table overview), see PMASA-2011-18

Solution

Update the affected phpMyAdmin package.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=736772

Plugin Details

Severity: Medium

ID: 74539

File Name: openSUSE-2011-94.nasl

Version: 1.4

Type: local

Agent: unix

Published: 6/13/2014

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:phpmyadmin, cpe:/o:novell:opensuse:12.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/19/2011

Reference Information

CVE: CVE-2011-4634