SUSE Package Hub - openSUSE-2025-81

Update Info

openSUSE-2025-81

Security update for phpMyAdmin

Type: security

Severity: important

Issued: 2025-03-03

Description:

This update for phpMyAdmin fixes the following issues:

Update to version 5.2.2:

- CVE-2025-24530: XSS in the "Check Tables" feature (bsc#1236312).
- CVE-2025-24529: XSS in the "Insert" tab (bsc#1236311).
- CVE-2024-2961: glibc/iconv: out-of-bounds writes when writing escape sequences (bsc#1222992).
- CVE-2023-30536: slim/psr7: improper header validation (bsc#1238159).

References

CVE: CVE-2025-24530
CVE: CVE-2025-24529
CVE: CVE-2024-2961
CVE: CVE-2023-30536
Bugzilla: 1238159 VUL-0: CVE-2023-30536: phpMyAdmin: slim/psr7: improper header validation can lead to application errors or invalid HTTP requests being sent out with a PSR-18 HTTP client
Bugzilla: 1236312 VUL-0: CVE-2025-24530: phpMyAdmin: XSS Vulnerability in phpMyAdmin Check Tables Feature
Bugzilla: 1236311 VUL-0: CVE-2025-24529: phpMyAdmin: XSS in phpMyAdmin Insert Tab
Bugzilla: 1222992 VUL-0: CVE-2024-2961: glibc: iconv() function in the GNU C Library may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set

Packages

phpMyAdmin-5.2.2-bp156.4.3.1