[gentoo-announce] [ GLSA 201904-16 ] phpMyAdmin: Multiple vulnerabilities - gentoo-announce

From:	Aaron Bauman <bman@g.o>
To:	gentoo-announce@l.g.o
Subject:	[gentoo-announce] [ GLSA 201904-16 ] phpMyAdmin: Multiple vulnerabilities
Date:	Mon, 15 Apr 2019 21:03:44
Message-Id:	`20190415205357.GH29860@monkey`

1

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

2

Gentoo Linux Security Advisory                           GLSA 201904-16

3

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

4

                                           https://security.gentoo.org/

5

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

6

7

 Severity: Normal

8

    Title: phpMyAdmin: Multiple vulnerabilities

9

     Date: April 15, 2019

10

     Bugs: #658742, #672938

11

       ID: 201904-16

12

13

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

14

15

Synopsis

16

========

17

18

Multiple vulnerabilities have been found in phpMyAdmin, the worst of

19

which could result in the arbitrary execution of code.

20

21

Background

22

==========

23

24

phpMyAdmin is a web-based management tool for MySQL databases.

25

26

Affected packages

27

=================

28

29

    -------------------------------------------------------------------

30

     Package              /     Vulnerable     /            Unaffected

31

    -------------------------------------------------------------------

32

  1  dev-db/phpmyadmin            < 4.8.4                    >= 4.8.4 

33

34

Description

35

===========

36

37

Multiple vulnerabilities have been discovered in phpMyAdmin. Please

38

review the CVE identifiers referenced below for details.

39

40

Impact

41

======

42

43

Please review the CVE identifiers referenced below for details.

44

45

Workaround

46

==========

47

48

There is no known workaround at this time.

49

50

Resolution

51

==========

52

53

All phpMyAdmin users should upgrade to the latest version:

54

55

  # emerge --sync

56

  # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.8.4"

57

58

References

59

==========

60

61

[ 1 ] CVE-2018-12613

62

      https://nvd.nist.gov/vuln/detail/CVE-2018-12613

63

[ 2 ] CVE-2018-19968

64

      https://nvd.nist.gov/vuln/detail/CVE-2018-19968

65

[ 3 ] CVE-2018-19969

66

      https://nvd.nist.gov/vuln/detail/CVE-2018-19969

67

[ 4 ] CVE-2018-19970

68

      https://nvd.nist.gov/vuln/detail/CVE-2018-19970

69

70

Availability

71

============

72

73

This GLSA and any updates to it are available for viewing at

74

the Gentoo Security Website:

75

76

 https://security.gentoo.org/glsa/201904-16

77

78

Concerns?

79

=========

80

81

Security is a primary focus of Gentoo Linux and ensuring the

82

confidentiality and security of our users' machines is of utmost

83

importance to us. Any security concerns should be addressed to

84

security@g.o or alternatively, you may file a bug at

85

https://bugs.gentoo.org.

86

87

License

88

=======

89

90

Copyright 2019 Gentoo Foundation, Inc; referenced text

91

belongs to its owner(s).

92

93

The contents of this document are licensed under the

94

Creative Commons - Attribution / Share Alike license.

95

96

https://creativecommons.org/licenses/by-sa/2.5

Gentoo Archives: gentoo-announce

Attachments

1	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2	Gentoo Linux Security Advisory GLSA 201904-16
3	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
4	https://security.gentoo.org/
5	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
6
7	Severity: Normal
8	Title: phpMyAdmin: Multiple vulnerabilities
9	Date: April 15, 2019
10	Bugs: #658742, #672938
11	ID: 201904-16
12
13	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
14
15	Synopsis
16	========
17
18	Multiple vulnerabilities have been found in phpMyAdmin, the worst of
19	which could result in the arbitrary execution of code.
20
21	Background
22	==========
23
24	phpMyAdmin is a web-based management tool for MySQL databases.
25
26	Affected packages
27	=================
28
29	-------------------------------------------------------------------
30	Package / Vulnerable / Unaffected
31	-------------------------------------------------------------------
32	1 dev-db/phpmyadmin < 4.8.4 >= 4.8.4
33
34	Description
35	===========
36
37	Multiple vulnerabilities have been discovered in phpMyAdmin. Please
38	review the CVE identifiers referenced below for details.
39
40	Impact
41	======
42
43	Please review the CVE identifiers referenced below for details.
44
45	Workaround
46	==========
47
48	There is no known workaround at this time.
49
50	Resolution
51	==========
52
53	All phpMyAdmin users should upgrade to the latest version:
54
55	# emerge --sync
56	# emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.8.4"
57
58	References
59	==========
60
61	[ 1 ] CVE-2018-12613
62	https://nvd.nist.gov/vuln/detail/CVE-2018-12613
63	[ 2 ] CVE-2018-19968
64	https://nvd.nist.gov/vuln/detail/CVE-2018-19968
65	[ 3 ] CVE-2018-19969
66	https://nvd.nist.gov/vuln/detail/CVE-2018-19969
67	[ 4 ] CVE-2018-19970
68	https://nvd.nist.gov/vuln/detail/CVE-2018-19970
69
70	Availability
71	============
72
73	This GLSA and any updates to it are available for viewing at
74	the Gentoo Security Website:
75
76	https://security.gentoo.org/glsa/201904-16
77
78	Concerns?
79	=========
80
81	Security is a primary focus of Gentoo Linux and ensuring the
82	confidentiality and security of our users' machines is of utmost
83	importance to us. Any security concerns should be addressed to
84	security@g.o or alternatively, you may file a bug at
85	https://bugs.gentoo.org.
86
87	License
88	=======
89
90	Copyright 2019 Gentoo Foundation, Inc; referenced text
91	belongs to its owner(s).
92
93	The contents of this document are licensed under the
94	Creative Commons - Attribution / Share Alike license.
95
96	https://creativecommons.org/licenses/by-sa/2.5