phpMyAdmin: Multiple vulnerabilities — GLSA 201701-32

Multiple vulnerabilities have been found in phpMyAdmin, the worst of which could lead to arbitrary code execution.

Affected packages

Background

phpMyAdmin is a web-based management tool for MySQL databases.

Description

Multiple vulnerabilities have been discovered in phpMyAdmin. Please review the CVE identifiers referenced below for details.

Impact

A authenticated remote attacker could exploit these vulnerabilities to execute arbitrary PHP Code, inject SQL code, or to conduct Cross-Site Scripting attacks.

In certain configurations, an unauthenticated remote attacker could cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-db/phpmyadmin-4.6.5.1"
 

References

• CVE-2016-4412
• CVE-2016-5097
• CVE-2016-5098
• CVE-2016-5099
• CVE-2016-5701
• CVE-2016-5702
• CVE-2016-5703
• CVE-2016-5704
• CVE-2016-5705
• CVE-2016-5706
• CVE-2016-5730
• CVE-2016-5731
• CVE-2016-5732
• CVE-2016-5733
• CVE-2016-5734
• CVE-2016-5739
• CVE-2016-6606
• CVE-2016-6607
• CVE-2016-6608
• CVE-2016-6609
• CVE-2016-6610
• CVE-2016-6611
• CVE-2016-6612
• CVE-2016-6613
• CVE-2016-6614
• CVE-2016-6615
• CVE-2016-6616
• CVE-2016-6617
• CVE-2016-6618
• CVE-2016-6619
• CVE-2016-6620
• CVE-2016-6622
• CVE-2016-6623
• CVE-2016-6624
• CVE-2016-6625
• CVE-2016-6626
• CVE-2016-6627
• CVE-2016-6628
• CVE-2016-6629
• CVE-2016-6630
• CVE-2016-6631
• CVE-2016-6632
• CVE-2016-6633
• CVE-2016-9847
• CVE-2016-9848
• CVE-2016-9849
• CVE-2016-9850
• CVE-2016-9851
• CVE-2016-9852
• CVE-2016-9853
• CVE-2016-9854
• CVE-2016-9855
• CVE-2016-9856
• CVE-2016-9857
• CVE-2016-9858
• CVE-2016-9859
• CVE-2016-9860
• CVE-2016-9861
• CVE-2016-9862
• CVE-2016-9863
• CVE-2016-9864
• CVE-2016-9865
• CVE-2016-9866

Release date
January 11, 2017

Latest revision
January 11, 2017: 1

Severity
normal

Exploitable
remote

Bugzilla entries

• 586964
• 593582
• 600814