phpMyAdmin, availability of security patches?

Discussion in 'ISPConfig 3 Priority Support' started by Taleman, Dec 18, 2018.

Tags:
  1. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Looks like neither Debian 9 nor Ubuntu 18.04 are getting fixes for latest phpMyAdmin security flaws. Neither OS has the latest 4.8 version even in testing or other coming distributions yet.
    Are those latest fixes already added to Debian and Ubuntu previously? I tried to look last weeks happenings, but did not find any mention.
    https://www.phpmyadmin.net/news/2018/12/11/security-fix-phpmyadmin-484-released/
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

  3. till

    till Super Moderator Staff Member ISPConfig Developer

  4. Croydon

    Croydon ISPConfig Developer ISPConfig Developer

    Same for Ubuntu. No active maintaining in either distribution. I'd recommend not to use the system-packages currently.
     
  5. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    at least with ubuntu18 phpmyadmin is broken and does not work with the default-php. You can install phpmyadmin with apt to get the "basics", but you should update the version.
    Code:
    #!/bin/bash
    PHPMYADMIN=4.8.3
    cd /tmp
    wget https://files.phpmyadmin.net/phpMyAdmin/${PHPMYADMIN}/phpMyAdmin-${PHPMYADMIN}-all-languages.zip
    unzip phpMyAdmin-${PHPMYADMIN}-all-languages.zip
    cd phpMyAdmin-${PHPMYADMIN}-all-languages
    cp -R * /usr/share/phpmyadmin
    
     
    Last edited: Dec 19, 2018
  6. Taleman

    Taleman Well-Known Member HowtoForge Supporter

    Is that install script old? It uses 4.8.3 but the new PHP released on Monday is version 4.8.4.
    If you have been running with that since summer, it looks like overwriting the apt-get installed /usr/share/phpmyadmin works. That would be a simple way to get that new phpMyAdmin.
     

Share This Page