Security: Cross-Site Scripting in php-phpmyadmin-sql-parser
Name: Cross-Site Scripting in php-phpmyadmin-sql-parser
ID: FEDORA-2018-a1650ed14f
Distribution: Fedora
Platforms: Fedora 27
Date: Tue, 27 February 2018, 00:18
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7260
Applications: php-phpmyadmin-sql-parser


Fedora Update Notification
2018-02-26 16:53:03.955591

Name : php-phpmyadmin-sql-parser
Product : Fedora 27
Version : 4.2.4
Release : 3.fc27
URL : https://github.com/phpmyadmin/sql-parser
Summary : A validating SQL lexer and parser with a focus on MySQL dialect
Description :
A validating SQL lexer and parser with a focus on MySQL dialect.

This library was originally developed for phpMyAdmin during
the Google Summer of Code 2015.

Autoloader: /usr/share/php/PhpMyAdmin/SqlParser/autoload.php

Update Information:

From upstream announcement: **Security fix: phpMyAdmin 4.7.8 is released**

Welcome to phpMyAdmin 4.7.8, a security release also containing regular
maintenance bug fixes. The security fix relates to a self-XSS vulnerability in
the central columns feature that is reported as PMASA-2018-1
https://www.phpmyadmin.net/security/PMASA-2018-1/. Thanks to Mayur Udiniya
https://www.linkedin.com/in/mayur-udiniya-09247b129/ for finding and responsibly
disclosing this flaw. We recommend all users upgrade to resolve this security
problem. A complete list of new features and bugs that have been fixed is
available in the ChangeLog file or changelog.php included with this release.

Notable changes since 4.7.7:

* Fixed error handling with PHP 7.2
* Fixed resetting default setting values
* Fixed fallback value for collation connection

Additionally, there have been continuous improvements to many of the
translations. If you don't see your language or find a problem, you can
contribute too; see https://www.phpmyadmin.net/translate/ for details.

[ 1 ] Bug #1547748 - CVE-2018-7260 phpMyAdmin: XSS in db_central_columns.php

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade php-phpmyadmin-sql-parser' at the command line.
For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- package-announce@lists.fedoraproject.org