Bug 1399197 (CVE-2016-4412, CVE-2016-6606, CVE-2016-6607, CVE-2016-6608, CVE-2016-6609, CVE-2016-6610, CVE-2016-6611, CVE-2016-6612, CVE-2016-6613, CVE-2016-6614, CVE-2016-6615, CVE-2016-6616, CVE-2016-6617, CVE-2016-6618, CVE-2016-6619, CVE-2016-6620, CVE-2016-6621, CVE-2016-6622, CVE-2016-6623, CVE-2016-6624, CVE-2016-6625, CVE-2016-6626, CVE-2016-6627, CVE-2016-6628, CVE-2016-6629, CVE-2016-6630, CVE-2016-6631, CVE-2016-6632, CVE-2016-6633, CVE-2016-9847, CVE-2016-9848, CVE-2016-9849, CVE-2016-9850, CVE-2016-9851, CVE-2016-9852, CVE-2016-9853, CVE-2016-9854, CVE-2016-9855, CVE-2016-9856, CVE-2016-9857, CVE-2016-9858, CVE-2016-9859, CVE-2016-9860, CVE-2016-9861, CVE-2016-9862, CVE-2016-9863, CVE-2016-9864, CVE-2016-9865, CVE-2016-9866)

Summary:	phpMyAdmin: Multiple vulnerabilities fixed in 4.0.10.18, 4.4.15.9 and 4.6.5 versions
Product:	[Other] Security Response	Reporter:	Andrej Nemec <anemec>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED WONTFIX	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	redhat-bugzilla, tdawson
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:	impact=moderate,public=20161125,reported=20161125,source=gentoo,fedora-all/phpMyAdmin=affected,epel-all/phpMyAdmin=affected,openshift-1/phpMyAdmin=wontfix
Fixed In Version:	phpMyAdmin 4.0.10.18, phpMyAdmin 4.4.15.9, phpMyAdmin 4.6.5	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2019-06-08 03:02:41 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---
Bug Depends On:	1399198, 1399199
Bug Blocks:

Description Andrej Nemec 2016-11-28 14:26:20 UTC

The phpMyAdmin project is pleased to announce the release of phpMyAdmin versions 4.6.5 (including bug and security fixes), 4.4.15.9 (security fixes), and 4.0.10.18 (security fixes). We recommend all users update their phpMyAdmin installations.

These security fixes are advisories PMASA-2016-57 to PMASA-2016-71

External References:

https://www.phpmyadmin.net/news/2016/11/25/phpmyadmin-401018-44159-and-465-are-released/

Comment 1 Andrej Nemec 2016-11-28 14:27:37 UTC

Created phpMyAdmin tracking bugs for this issue:

Affects: fedora-all [bug 1399198]
Affects: epel-all [bug 1399199]

Comment 2 Andrej Nemec 2016-11-28 15:24:40 UTC

References:

https://www.phpmyadmin.net/security/PMASA-2016-58/
https://www.phpmyadmin.net/security/PMASA-2016-59/
https://www.phpmyadmin.net/security/PMASA-2016-60/
https://www.phpmyadmin.net/security/PMASA-2016-61/
https://www.phpmyadmin.net/security/PMASA-2016-62/
https://www.phpmyadmin.net/security/PMASA-2016-63/
https://www.phpmyadmin.net/security/PMASA-2016-64/
https://www.phpmyadmin.net/security/PMASA-2016-65/
https://www.phpmyadmin.net/security/PMASA-2016-66/
https://www.phpmyadmin.net/security/PMASA-2016-69/
https://www.phpmyadmin.net/security/PMASA-2016-70/
https://www.phpmyadmin.net/security/PMASA-2016-71/

Comment 3 Andrej Nemec 2016-12-13 09:40:30 UTC

Multiple more PMASAs will be fixed by this release.

These are PMASA-2016-29 to PMASA-2016-57. Mitre assigned CVEs for these issues.