Update Info


Security update for phpMyAdmin

Type: security
Severity: moderate
Issued: 2019-03-23
This update for phpMyAdmin fixes security issues and bugs.

Security issues addressed in the 4.8.4 release (bsc#1119245):

- CVE-2018-19968: Local file inclusion through transformation feature
- CVE-2018-19969: XSRF/CSRF vulnerability
- CVE-2018-19970: XSS vulnerability in navigation tree

This update also contains the following upstream bug fixes and improvements:

- Ensure that database names with a dot ('.') are handled properly when DisableIS is true
- Fix for message "Error while copying database (pma__column_info)"
- Move operation causes "SELECT * FROM `undefined`" error
- When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged
  when $cfg['AuthLogSuccess'] was true
- Multiple errors and regressions with Designer



  • phpMyAdmin-4.8.4-bp150.3.6.1