[3.5] phpmyadmin: Multiple issues (CVE-2016-5701, CVE-2016-5703, CVE-2016-5705, CVE-2016-5706, CVE-2016-5730, CVE-2016-5731, CVE-2016-5733, CVE-2016-5734, CVE-2016-5739)
CVE-2016-5701: BBCode injection vulnerability
Affected Versions
Versions 4.6.x (prior to 4.6.3), 4.4.15.x (prior to 4.4.15.7), and 4.0.10.x (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-17/
CVE-2016-5703: SQL injection attack
Affected Versions
Versions 4.6.x (prior to 4.6.3) and 4.4.x (prior to 4.4.15.7) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-19/
CVE-2016-5705: Multiple XSS vulnerabilities
Affected Versions
All 4.4.x versions (prior to 4.4.15.7) and 4.6.x versions (prior to 4.6.3) are affected
Upgrade to phpMyAdmin 4.4.15.7 or 4.6.3 or newer.
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-21/
CVE-2016-5706: DOS attack
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer.
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-22/
CVE-2016-5730: Multiple full path disclosure vulnerabilities
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-23/
CVE-2016-5731: XSS through FPD
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer or apply patch listed below.
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-24/
CVE-2016-5733: Multiple XSS vulnerabilities
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer
References:
https://www.phpmyadmin.net/security/PMASA-2016-26/
CVE-2016-5734: Unsafe handling of preg_replace parameters
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-27/
CVE-2016-5739: Referrer leak in transformations
Affected Versions
All 4.6.x versions (prior to 4.6.3), 4.4.x versions (prior to 4.4.15.7), and 4.0.x versions (prior to 4.0.10.16) are affected
Upgrade to phpMyAdmin 4.6.3, 4.4.15.7, or 4.0.10.16 or newer
Reference:
https://www.phpmyadmin.net/security/PMASA-2016-28/
(from redmine: issue id 5834, created on 2016-06-29, closed on 2016-07-07)
- Relations:
- parent #5833 (closed)
- Changesets:
- Revision b7fe9707 on 2016-07-05T09:53:39Z:
main/phpmyadmin: security upgrade to 4.6.3
Fixes #5834
Fixes #5840