Sicherheit: Cross-Site Scripting in php-phpmyadmin-motranslator
Aktuelle Meldungen Distributionen
Name: Cross-Site Scripting in php-phpmyadmin-motranslator
ID: FEDORA-2018-a1650ed14f
Distribution: Fedora
Plattformen: Fedora 27
Datum: Di, 27. Februar 2018, 00:15
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260


Fedora Update Notification
2018-02-26 16:53:03.955591

Name : php-phpmyadmin-motranslator
Product : Fedora 27
Version : 4.0
Release : 1.fc27
URL : https://github.com/phpmyadmin/motranslator
Summary : Translation API for PHP using Gettext MO files
Description :
Translation API for PHP using Gettext MO files.


* All strings are stored in memory for fast lookup
* Fast loading of MO files
* Low level API for reading MO files
* Emulation of Gettext API
* No use of eval() for plural equation


* Not suitable for huge MO files which you don't want to store in memory
* Input and output encoding has to match (preferably UTF-8)

Autoloader: /usr/share/php/PhpMyAdmin/MoTranslator/autoload.php

Update Information:

From upstream announcement: **Security fix: phpMyAdmin 4.7.8 is released**
Welcome to phpMyAdmin 4.7.8, a security releaes also containing regular
maintenance bug fixes. The security fix relates to a self-XSS vulnerability in
the central columns feature that is reported as PMASA-2018-1
https://www.phpmyadmin.net/security/PMASA-2018-1/. Thanks to Mayur Udiniya
https://www.linkedin.com/in/mayur-udiniya-09247b129/ for finding and responsibly
disclosing this flaw. We recommend all users upgrade to resolve this security
problem. A complete list of new features and bugs that have been fixed is
available in the ChangeLog file or changelog.php included with this release.
Notable changes since 4.7.7: * Fixed error handling with PHP 7.2 * Fixed
resetting default setting values * Fixed fallback value for collation
connection Additionally, there have been continuous improvements to many of
translations. If you don't see your language or find a problem, you can
contribute too; see https://www.phpmyadmin.net/translate/ for details.

[ 1 ] Bug #1547748 - CVE-2018-7260 phpMyAdmin: XSS in db_central_columns.php

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-phpmyadmin-motranslator' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Traut euch!
Neue Nachrichten