Security update for phpMyAdmin SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:2599-1 Final 1 1 2019-12-01T09:13:34Z current 2019-12-01T09:13:34Z 2019-12-01T09:13:34Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for phpMyAdmin This update for phpMyAdmin fixes the following issues: phpMyAdmin was updated to 4.9.2: * CVE-2019-18622: SQL injection in Designer feature (boo#1157614) * Fixes for 'Failed to set session cookie' error * Advisor with MySQL 8.0.3 and newer * Fix PHP deprecation errors * Fix a situation where exporting users after a delete query could remove users * Fix incorrect 'You do not have privileges to manipulate with the users!' warning * Fix copying a database's privileges and several other problems moving columns with MariaDB * Fix for phpMyAdmin not selecting all the values when using shift-click to select during Export The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2019-2599 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DLAGVPQT63KFOAQIHXSRYTV7A76K5KN3/#DLAGVPQT63KFOAQIHXSRYTV7A76K5KN3 E-Mail link for openSUSE-SU-2019:2599-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1157614 SUSE Bug 1157614 https://www.suse.com/security/cve/CVE-2019-18622/ SUSE CVE CVE-2019-18622 page SUSE Package Hub 12 SUSE Package Hub 15 SUSE Package Hub 15 SP1 openSUSE Leap 15.0 openSUSE Leap 15.1 phpMyAdmin-4.9.2-bp151.3.9.1 phpMyAdmin-4.9.2-bp151.3.9.1 as a component of SUSE Package Hub 12 phpMyAdmin-4.9.2-bp151.3.9.1 as a component of SUSE Package Hub 15 phpMyAdmin-4.9.2-bp151.3.9.1 as a component of SUSE Package Hub 15 SP1 phpMyAdmin-4.9.2-bp151.3.9.1 as a component of openSUSE Leap 15.0 phpMyAdmin-4.9.2-bp151.3.9.1 as a component of openSUSE Leap 15.1 An issue was discovered in phpMyAdmin before 4.9.2. A crafted database/table name can be used to trigger a SQL injection attack through the designer feature. CVE-2019-18622 SUSE Package Hub 12:phpMyAdmin-4.9.2-bp151.3.9.1 SUSE Package Hub 15 SP1:phpMyAdmin-4.9.2-bp151.3.9.1 SUSE Package Hub 15:phpMyAdmin-4.9.2-bp151.3.9.1 openSUSE Leap 15.0:phpMyAdmin-4.9.2-bp151.3.9.1 openSUSE Leap 15.1:phpMyAdmin-4.9.2-bp151.3.9.1 moderate 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DLAGVPQT63KFOAQIHXSRYTV7A76K5KN3/#DLAGVPQT63KFOAQIHXSRYTV7A76K5KN3 https://www.suse.com/security/cve/CVE-2019-18622.html CVE-2019-18622 https://bugzilla.suse.com/1157614 SUSE Bug 1157614 https://bugzilla.suse.com/1158801 SUSE Bug 1158801