[3.2] phpmyadmin: Multiple issues (CVE-2015-8669, CVE-2016-2038, CVE-2016-2039, CVE-2016-2040, ...)
CVE-2015-8669: Full path disclosure vulnerability
Affected Versions:
Versions 4.0.x (prior to 4.0.10.12), 4.4.x (prior to 4.4.15.2) and 4.5.x (prior to 4.5.3.1) are affected.
Upgrade to phpMyAdmin 4.0.10.12 or newer, 4.4.15.2 or newer, 4.5.3.1 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2015-6/
CVE-2016-2038: Multiple full path disclosure vulnerabilities.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-1/
CVE-2016-2039: Unsafe generation of XSRF/CSRF token.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-2/
CVE-2016-2040: Multiple XSS vulnerabilities.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-3/
CVE-2016-1927: Insecure password generation in JavaScript.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-4/
CVE-2016-2041: Unsafe comparison of XSRF/CSRF token.
Affected Versions:
Versions 4.0.x (prior to 4.0.10.13), 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.0.10.13 or newer, 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-5/
CVE-2016-2042: Multiple full path disclosure vulnerabilities.
Affected Versions:
Versions 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-6/
CVE-2016-2043: XSS vulnerability in normalization page.
Affected Versions:
Versions 4.4.x (prior to 4.4.15.3) and 4.5.x (prior to 4.5.4) are affected.
Upgrade to phpMyAdmin 4.4.15.3 or newer, 4.5.4 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-7/
(from redmine: issue id 5067, created on 2016-02-04, closed on 2016-02-09)
- Relations:
  - parent #5065 (closed)
- Changesets:
  - Revision bba25ca9 on 2016-02-09T09:41:37Z:
main/phpmyadmin: security upgrade to 4.4.15.4 (Multiple CVEs). Fixes #5067
CVE-2015-8669
CVE-2016-2038
CVE-2016-2039
CVE-2016-2040
CVE-2016-1927
CVE-2016-2041
CVE-2016-2042
CVE-2016-2043