[SECURITY] [DLA 1821-1] phpmyadmin security update

2019-06-1720:41:59

lists.debian.org

132

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

42.5%

JSON

Package : phpmyadmin
Version : 4:4.2.12-2+deb8u6
CVE ID : CVE-2016-6606 CVE-2016-6607 CVE-2016-6611 CVE-2016-6612
CVE-2016-6613 CVE-2016-6624 CVE-2016-6626 CVE-2016-6627
CVE-2016-6628 CVE-2016-6630 CVE-2016-6631 CVE-2016-6632
CVE-2016-9849 CVE-2016-9850 CVE-2016-9861 CVE-2016-9864
CVE-2019-12616
Debian Bug : 930017

Multiple security vulnerabilities were fixed in phpmyadmin, a MySQL web
administration tool, which prevent possible SQL injection attacks, CSRF,
the bypass of user restrictions, information disclosure or
denial-of-service.

For Debian 8 "Jessie", these problems have been fixed in version
4:4.2.12-2+deb8u6.

We recommend that you upgrade your phpmyadmin packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

OSVersionArchitecturePackageVersionFilename
Debian7allphpmyadmin< 4:3.4.11.1-2+deb7u6phpmyadmin_4:3.4.11.1-2+deb7u6_all.deb
Debian8allphpmyadmin< 4:4.2.12-2+deb8u6phpmyadmin_4:4.2.12-2+deb8u6_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	all	phpmyadmin	< 4:3.4.11.1-2+deb7u6	phpmyadmin_4:3.4.11.1-2+deb7u6_all.deb
Debian	8	all	phpmyadmin	< 4:4.2.12-2+deb8u6	phpmyadmin_4:4.2.12-2+deb8u6_all.deb