-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : phpmyadmin Version : 4:4.2.12-2+deb8u5 CVE ID : CVE-2019-6799 Debian Bug : 920823
An information leak issue was discovered in phpMyAdmin. An attacker can read any file on the server that the web server's user can access. This is related to the mysql.allow_local_infile PHP configuration. When the AllowArbitraryServer configuration setting is set to false (default), the attacker needs a local MySQL account. When set to true, the attacker can exploit this with the use of a rogue MySQL server. For Debian 8 "Jessie", this problem has been fixed in version 4:4.2.12-2+deb8u5. We recommend that you upgrade your phpmyadmin packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAlx2ll4ACgkQj/HLbo2J BZ9uwwgAioP4kzTcsHE2yIA4ZdW96aszHsyv8vqReg+ir4MtRodhRvlA/tAszdz2 ov0DThc43uUEGBYCASpUYY8r5lD8EeCLLKkrZwanW4zvNF7m4few4JwfvZoWIMRw PeB1mnkSF7dg0qPC+4OLRuaYgfyMeLSDIVJbmNlFfUYxK/0t1XvqTBUpPupgjPnv uZw8OJzhjdaq5R/FaCR+gs5fD9f3CNy4lKPoGv0MVOCqaMW/2/AqvIEMTkjbNDmp hzQfS/n8k5FPkfev8KfBaWBDn+y78FbZZQ81oqwzK5bRyyU2PMa8SnJldJgITOo7 oq2uNscdwfJnhTpIvbPfxKCrSFJ5kQ== =CJqr -----END PGP SIGNATURE-----
