-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2025-c17ef0f176 2025-01-31 03:22:59.299527+00:00 -------------------------------------------------------------------------------- Name : phpMyAdmin Product : Fedora 40 Version : 5.2.2 Release : 1.fc40 URL : https://www.phpmyadmin.net/ Summary : A web interface for MySQL and MariaDB Description : phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the Web. Currently it can create and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, manage privileges,export data into various formats and is available in 50 languages -------------------------------------------------------------------------------- Update Information: phpMyAdmin 5.2.2 is released Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released this sooner" release. This is primarily a bugfix release but also contains a few security fixes as noted below. fix possible security issue in sql-parser which could cause long execution times that could create a DOS attack (thanks to Maximilian Krög) fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to bluebird) fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent contributor Kamil Tekiela) fix possible security issue with library code slim/psr7 (CVE-2023-30536) fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3) fix a full path disclosure in the Monitoring tab issue #18268 Fix UI issue the theme manager is disabled issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling issue #18106 Fix renaming database with a view issue #18120 Fix bug with numerical tables during renaming database issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0 issue #18258 Speed improvements when exporting a database issue #18769 Improved collations support for MariaDB 10.10 There are many, many more fixes that you can see in the ChangeLog file included with this release or online -------------------------------------------------------------------------------- ChangeLog: * Wed Jan 22 2025 Remi Collet <remi@xxxxxxxxxxxx> - 5.2.2-1 - update to 5.2.2 (2025-01-21, security and bugfix release) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2328680 - CVE-2023-44270 phpMyAdmin: Improper input validation in PostCSS [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2328680 [ 2 ] Bug #2331101 - CVE-2024-55565 phpMyAdmin: nanoid mishandles non-integer values [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2331101 [ 3 ] Bug #2334290 - CVE-2024-56522 phpMyAdmin: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2334290 [ 4 ] Bug #2334295 - CVE-2024-56519 phpMyAdmin: setSVGStyles does not sanitize the SVG font-family attribute [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2334295 [ 5 ] Bug #2334299 - CVE-2024-56521 phpMyAdmin: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2334299 [ 6 ] Bug #2334343 - CVE-2024-56527 phpMyAdmin: Error function lacks an htmlspecialchars call for the error message. [fedora-40] https://bugzilla.redhat.com/show_bug.cgi?id=2334343 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-c17ef0f176' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
-- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
