Advisories » MGASA-2023-0049

Updated phpmyadmin packages fix security vulnerability

Publication date: 14 Feb 2023
Modification date: 14 Feb 2023
Type: security
Affected Mageia releases : 8

Description

Security fix for an XSS vulnerability in the drag-and-drop upload
functionality (PMASA-2023-01)

Additional bugfixes including -
  issue #17506 Fix error when configuring 2FA without XMLWriter or Imagick
  issue #17519 Fix Export pages not working in certain conditions
  issue #17121 Fix password_hash function incorrectly adding single quotes
  to password before hashing
  issue #17736 Add utf8mb3 as an alias of utf8 on the charset description
  page
  issue #17248 Support the UUID data type for MariaDB >= 10.7
  issue #16042 Fixes malformed downloads when using gzip compression type
  and FireFox browser
  Add `spellcheck="false"` to all password fields and some text fields to
  avoid spell-jacking data leaks
  Fixes for JavaScript errors when using Designer
  Fixes for PHP 8.2 compatibility
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31527
• https://www.phpmyadmin.net/news/2023/2/8/phpmyadmin-4911-and-521-are-released/

SRPMS

8/core

• phpmyadmin-5.2.1-1.mga8