Author Topic: phpMyAdmin security update  (Read 151 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
phpMyAdmin security update
« on: December 13, 2018, 11:50:48 PM »
Should I update manually or will it be in a CWP update?

Offline
**
Re: phpMyAdmin security update
« Reply #1 on: December 14, 2018, 01:04:24 AM »
Well, I don't know what security question you are pointing, but security questions are important, and sometimes cannot wait.

I've never tried this before, but you can try this site:
https://blog.bullten.com/centos-web-panel/upgrading-phpmyadmin-in-new-version-of-cwp/

Don't forget to make backups *before*.

Regards,
Netino

Offline
*
Re: phpMyAdmin security update
« Reply #2 on: December 14, 2018, 03:12:46 PM »
https://www.phpmyadmin.net/news/

The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes.

The security fixes involve:

Local file inclusion (https://www.phpmyadmin.net/security/PMASA-2018-6/),
XSRF/CSRF vulnerabilities allowing a specially-crafted URL to perform harmful operations (https://www.phpmyadmin.net/security/PMASA-2018-7/), and
an XSS vulnerability in the navigation tree (https://www.phpmyadmin.net/security/PMASA-2018-8/)
In addition to the security fixes, this release also includes these bug fixes and more as part of our regular release cycle:

Issue with changing theme
Ensure that database names with a dot ('.') are handled properly when DisableIS is true
Fix for message "Error while copying database (pma__column_info)"
Move operation causes "SELECT * FROM `undefined`" error
When logging with $cfg['AuthLog'] to syslog, successful login messages were not logged when $cfg['AuthLogSuccess'] was true
Multiple errors and regressions with Designer

To manually update download the package https://www.phpmyadmin.net/downloads/

Rename /usr/local/cwpsrv/var/services/pma/  to /usr/local/cwpsrv/var/services/pmaBAK/

Create a new pma folder ... 

Unzip it and upload to /usr/local/cwpsrv/var/services/pma/

Copy  config.inc.php from the pmaBAK to the new pma folder.

You will get a warning when you first open phpMyAdmin but it shows instructions on how to fix it. Go to any database and open the operations tab. Creates an index I believe.

Delete the pmaBAK folder after testing the new install.
« Last Edit: December 14, 2018, 03:30:24 PM by GTMAN »