Fedora 40 Update: phpMyAdmin-5.2.2-1.fc40
Fedora 40 Update: lemonldap-ng-2.20.2-1.fc40
Fedora 40 Update: expat-2.6.4-1.fc40
Fedora 41 Update: java-21-openjdk-21.0.6.0.7-1.fc41
Fedora 41 Update: lemonldap-ng-2.20.2-1.fc41
Fedora 41 Update: phpMyAdmin-5.2.2-1.fc41
[SECURITY] Fedora 40 Update: phpMyAdmin-5.2.2-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-c17ef0f176
2025-01-31 03:22:59.299527+00:00
--------------------------------------------------------------------------------
Name : phpMyAdmin
Product : Fedora 40
Version : 5.2.2
Release : 1.fc40
URL : https://www.phpmyadmin.net/
Summary : A web interface for MySQL and MariaDB
Description :
phpMyAdmin is a tool written in PHP intended to handle the administration of
MySQL over the Web. Currently it can create and drop databases,
create/drop/alter tables, delete/edit/add fields, execute any SQL statement,
manage keys on fields, manage privileges, export data into various formats and
is available in 50 languages.
--------------------------------------------------------------------------------
Update Information:
phpMyAdmin 5.2.2 is released
Welcome to the release of phpMyAdmin version 5.2.2, the "I should have released
this sooner" release. This is primarily a bugfix release but also contains a few
security fixes as noted below.
- fix possible security issue in sql-parser which could cause long execution
  times that could create a DOS attack (thanks to Maximilian Krög)
- fix an XSS vulnerability in the check tables feature (PMASA-2025-1, thanks to
  bluebird)
- fix an XSS vulnerability in the Insert tab (PMASA-2025-2, thanks to frequent
  contributor Kamil Tekiela)
- fix possible security issue with library code slim/psr7 (CVE-2023-30536)
- fix possible security issue relating to iconv (CVE-2024-2961, PMASA-2025-3)
- fix a full path disclosure in the Monitoring tab
- issue #18268 Fix UI issue the theme manager is disabled
- issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key
- issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie
  smuggling
- issue #18106 Fix renaming database with a view
- issue #18120 Fix bug with numerical tables during renaming database
- issue #16851 Fix ($cfg['Order']) default column order doesn't have any
  effect since phpMyAdmin 4.2.0
- issue #18258 Speed improvements when exporting a database
- issue #18769 Improved collations support for MariaDB 10.10
There are many, many more fixes that you can see in the ChangeLog file included
with this release or online
--------------------------------------------------------------------------------
ChangeLog:
* Wed Jan 22 2025 Remi Collet [remi@remirepo.net] - 5.2.2-1
- update to 5.2.2 (2025-01-21, security and bugfix release)
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2328680 - CVE-2023-44270 phpMyAdmin: Improper input validation in PostCSS [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2328680
[ 2 ] Bug #2331101 - CVE-2024-55565 phpMyAdmin: nanoid mishandles non-integer values [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2331101
[ 3 ] Bug #2334290 - CVE-2024-56522 phpMyAdmin: unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334290
[ 4 ] Bug #2334295 - CVE-2024-56519 phpMyAdmin: setSVGStyles does not sanitize the SVG font-family attribute [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334295
[ 5 ] Bug #2334299 - CVE-2024-56521 phpMyAdmin: CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely when libcurl is used [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334299
[ 6 ] Bug #2334343 - CVE-2024-56527 phpMyAdmin: Error function lacks an htmlspecialchars call for the error message. [fedora-40]
https://bugzilla.redhat.com/show_bug.cgi?id=2334343
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-c17ef0f176' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
[SECURITY] Fedora 40 Update: lemonldap-ng-2.20.2-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-07901b1995
2025-01-31 03:22:59.299532+00:00
--------------------------------------------------------------------------------
Name : lemonldap-ng
Product : Fedora 40
Version : 2.20.2
Release : 1.fc40
URL : https://lemonldap-ng.org
Summary : Web Single Sign On (SSO) and Access Management
Description :
LemonLdap::NG is a modular Web-SSO based on Apache::Session modules. It
simplifies the build of a protected area with a few changes in the
application. It manages both authentication and authorization and provides
headers for accounting.
So you can have a full AAA protection for your web space as described below.
--------------------------------------------------------------------------------
Update Information:
[Security][CVE-2024-52948] CSRF on 2FA registration
[Security] Open redirect vulnerability in logout
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 21 2025 Clement Oudot [clem.oudot@gmail.com] - 2.20.2-1
- Update to 2.20.2
* Fri Jan 17 2025 Fedora Release Engineering [releng@fedoraproject.org] - 2.20.1-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_42_Mass_Rebuild
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2339165 - lemonldap-ng-2.20.2 is available
https://bugzilla.redhat.com/show_bug.cgi?id=2339165
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2025-07901b1995' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 40 Update: expat-2.6.4-1.fc40
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-2462a2fc4c
2025-01-31 03:22:59.299470+00:00
--------------------------------------------------------------------------------
Name : expat
Product : Fedora 40
Version : 2.6.4
Release : 1.fc40
URL : https://libexpat.github.io/
Summary : An XML parser library
Description :
This is expat, the C library for parsing XML, written by James Clark. Expat
is a stream oriented XML parser. This means that you register handlers with
the parser prior to starting the parse. These handlers are called when the
parser discovers the associated structures in the document being parsed. A
start tag is an example of the kind of structures for which you may
register handlers.
--------------------------------------------------------------------------------
Update Information:
Rebase to version 2.6.4
--------------------------------------------------------------------------------
ChangeLog:
* Thu Nov 7 2024 Tomas Korbar [tkorbar@redhat.com] - 2.6.4-1
- Rebase to version 2.6.4
- Resolves: CVE-2024-50602
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-2462a2fc4c' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
--------------------------------------------------------------------------------
[SECURITY] Fedora 41 Update: java-21-openjdk-21.0.6.0.7-1.fc41
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2025-9f92cbc27f
2025-01-31 03:06:46.145086+00:00
--------------------------------------------------------------------------------
Name : java-21-openjdk
Product : Fedora 41
Version : 21.0.6.0.7
Release : 1.fc41
URL : http://openjdk.java.net/
Summary : OpenJDK 21 Runtime Environment
Description :
The OpenJDK 21 runtime environment.
--------------------------------------------------------------------------------
Update Information:
January CPU 2025
--------------------------------------------------------------------------------
ChangeLog:
* Tue Jan 28 2025 Jiri Vanek [jvanek@redhat.com] - 1:21.0.6.0.7-1
- January CPU 2025
* Tue Jan 28 2025 Jiri Vanek [jvanek@redhat.com] - 1:21.0.5.0.11-4
- Revert "Rebuilt for