openSUSE Security Update : phpMyAdmin (openSUSE-2016-1406)

medium Nessus Plugin ID 95560

Synopsis

The remote openSUSE host is missing a security update.

Description

This update to phpMyAdmin 4.4.15.9 fixes security issues and bugs.

The following security issues were fixed :

- Unsafe generation of $cfg['blowfish_secret'] (PMASA-2016-58)

- phpMyAdmin's phpinfo functionality is removed (PMASA-2016-59)

- AllowRoot and allow/deny rule bypass with specially crafted username (PMASA-2016-60)

- Username matching weaknesses with allow/deny rules (PMASA-2016-61)

- Possible to bypass logout timeout (PMASA-2016-62)

- Full path disclosure (FPD) weaknesses (PMASA-2016-63)

- Multiple XSS weaknesses (PMASA-2016-64)

- Multiple denial-of-service (DoS) vulnerabilities (PMASA-2016-65)

- Possible to bypass white-list protection for URL redirection (PMASA-2016-66)

- BBCode injection to login page (PMASA-2016-67)

- Denial-of-service (DoS) vulnerability in table partitioning (PMASA-2016-68)

- Multiple SQL injection vulnerabilities (PMASA-2016-69)

- Incorrect serialized string parsing (PMASA-2016-70)

- CSRF token not stripped from the URL (PMASA-2016-71)

The following bugfix changes are included :

- Fix for expanding in navigation pane

- Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies)

- Fix editing of ENUM/SET/DECIMAL field structures

- Improvements to the parser

Solution

Update the affected phpMyAdmin package.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1012271

Plugin Details

Severity: Medium

ID: 95560

File Name: openSUSE-2016-1406.nasl

Version: 2.3

Type: local

Agent: unix

Published: 12/6/2016

Updated: 1/19/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:phpmyadmin, cpe:/o:novell:opensuse:13.2, cpe:/o:novell:opensuse:42.1, cpe:/o:novell:opensuse:42.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Patch Publication Date: 12/5/2016