phpMyAdmin 4.6.5.1 (2016-11-26) ===============================
A patch-level release fixing two small issues :
an issue affecting a small number of users using $cfg[‘Servers’][$i][‘hide_db’] or $cfg[‘Servers’][$i][‘only_db’].
an issue affecting the create table dialog where the partition selection tool was overzealous and made it difficult to create a new table.
There are also minor improvements to the Czech language file.
phpMyAdmin 4.6.5 (2016-11-25) =============================
A release containing security fixes and bug fixes. Aside from the security improvements, many bugs have been fixed including :
Fix for expanding in navigation pane
Reintroduced a simplified version of PmaAbsoluteUri directive (needed with reverse proxies)
Fix editing of ENUM/SET/DECIMAL field structures
Improvements to the parser
And many, many more. Please see the ChangeLog for full details of bugs fixes.
Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2016-2424eeca35.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(95670);
script_version("3.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2016-4412");
script_xref(name:"FEDORA", value:"2016-2424eeca35");
script_name(english:"Fedora 24 : phpMyAdmin (2016-2424eeca35)");
script_summary(english:"Checks rpm output for the updated package.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Fedora host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"phpMyAdmin 4.6.5.1 (2016-11-26) ===============================
A patch-level release fixing two small issues :
- an issue affecting a small number of users using
$cfg['Servers'][$i]['hide_db'] or
$cfg['Servers'][$i]['only_db'].
- an issue affecting the create table dialog where the
partition selection tool was overzealous and made it
difficult to create a new table.
There are also minor improvements to the Czech language file.
phpMyAdmin 4.6.5 (2016-11-25) =============================
A release containing security fixes and bug fixes. Aside from the
security improvements, many bugs have been fixed including :
- Fix for expanding in navigation pane
- Reintroduced a simplified version of PmaAbsoluteUri
directive (needed with reverse proxies)
- Fix editing of ENUM/SET/DECIMAL field structures
- Improvements to the parser
And many, many more. Please see the ChangeLog for full details of bugs
fixes.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora update system website.
Tenable has attempted to automatically clean and format it as much as
possible without introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://bodhi.fedoraproject.org/updates/FEDORA-2016-2424eeca35"
);
script_set_attribute(
attribute:"solution",
value:"Update the affected phpMyAdmin package."
);
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:P/I:P/A:N");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:phpMyAdmin");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
script_set_attribute(attribute:"vuln_publication_date", value:"2016/12/11");
script_set_attribute(attribute:"patch_publication_date", value:"2016/12/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2016/12/12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Fedora Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! preg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24", "Fedora " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
flag = 0;
if (rpm_check(release:"FC24", reference:"phpMyAdmin-4.6.5.1-2.fc24")) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "phpMyAdmin");
}
Vendor | Product | Version | CPE |
---|---|---|---|
fedoraproject | fedora | phpmyadmin | p-cpe:/a:fedoraproject:fedora:phpmyadmin |
fedoraproject | fedora | 24 | cpe:/o:fedoraproject:fedora:24 |