[3.3] phpmyadmin: Multiple issues (CVE-2016-2559, CVE-2016-2560, CVE-2016-2561, CVE-2016-2562)
CVE-2016-2559: XSS vulnerability in SQL parser.
Affected Versions
Versions 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.5.5.1 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-10/
CVE-2016-2560: Multiple XSS vulnerabilities.
Affected Versions
Versions 4.0.x (prior to 4.0.10.15), 4.4.x (prior to 4.4.15.5) and 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.0.10.15, 4.4.15.4, 4.5.5.1, or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-11/
CVE-2016-2561: Multiple XSS vulnerabilities.
Affected Versions
Versions 4.4.x (prior to 4.4.15.5) and 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.4.15.5, 4.5.5.1, or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-12/
CVE-2016-2562: Vulnerability allowing man-in-the-middle attack on API call to GitHub.
Affected Versions
Versions 4.5.x (prior to 4.5.5.1) are affected.
Upgrade to phpMyAdmin 4.5.5.1 or newer.
References:
https://www.phpmyadmin.net/security/PMASA-2016-13/
(from redmine: issue id 5606, created on 2016-05-20, closed on 2016-06-23)
- Relations:
- parent #5605 (closed)
- Changesets:
- Revision 39a6f372 on 2016-06-21T09:43:25Z:
main/phpmyadmin: security upgrade to 4.5.5.1. Fixes #5606
(CVE-2016-2559, CVE-2016-2560, CVE-2016-2561, CVE-2016-2562)