Debian: DSA-2480-1 High: Request Tracker 3.8 Remote Security Flaws

May 24, 2012

Summary

Several vulnerabilities were discovered in Request Tracker, an issue
tracking system:

CVE-2011-2082

The vulnerable-passwords scripts introduced for CVE-2011-0009
failed to correct the password hashes of disabled users.
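The flaw above is one of scope: a migration that only walks enabled accounts leaves the weak hashes of disabled users in the database, ready to be reused if those accounts are ever re-enabled or their hashes leak (compare CVE-2011-2084 below). The following is an added illustration, not Request Tracker's own code or the vulnerable-passwords script: it assumes a legacy unsalted MD5 column and upgrades it without needing the plaintext by wrapping the old digest in a salted SHA-256 envelope (the `!salted!` format, the sample users and their passwords are all constructed for this example).

```python
import hashlib
import os
from typing import List, Optional

HEX = set("0123456789abcdef")


def _md5(pw: str) -> str:
    # Legacy scheme assumed for this example: unsalted MD5 hex of the password.
    return hashlib.md5(pw.encode()).hexdigest()


def sample_users() -> List[dict]:
    """Constructed user table; each row mimics (Name, Disabled, Password)."""
    return [
        {"name": "alice", "disabled": 0, "hash": _md5("alice-pw")},
        {"name": "bob",   "disabled": 1, "hash": _md5("bob-pw")},    # disabled, legacy hash
        {"name": "carol", "disabled": 0, "hash": _md5("carol-pw")},
    ]


def is_legacy(stored: str) -> bool:
    """A bare 32-hex digest is the old unsalted format; upgraded rows carry a prefix."""
    return len(stored) == 32 and set(stored) <= HEX


def wrap_legacy(legacy_md5: str, salt: Optional[bytes] = None) -> str:
    """Upgrade a legacy hash without the plaintext: salt and hash the old digest."""
    salt = salt if salt is not None else os.urandom(8)
    digest = hashlib.sha256(salt + legacy_md5.encode()).hexdigest()
    return f"!salted!{salt.hex()}!{digest}"


def verify(password: str, stored: str) -> bool:
    """Accepts both formats so logins keep working during and after the migration."""
    if is_legacy(stored):
        return _md5(password) == stored
    _, _, salt_hex, digest = stored.split("!")
    inner = _md5(password).encode()
    return hashlib.sha256(bytes.fromhex(salt_hex) + inner).hexdigest() == digest


def migrate(users: List[dict], skip_disabled: bool) -> List[dict]:
    """Rewrite legacy hashes in place.

    skip_disabled=True reproduces the CVE-2011-2082 mistake: disabled accounts are
    never visited, so their weak hashes survive. The correct run passes False.
    """
    for u in users:
        if skip_disabled and u["disabled"]:
            continue
        if is_legacy(u["hash"]):
            u["hash"] = wrap_legacy(u["hash"])
    return users


def remaining_legacy(users: List[dict]) -> List[str]:
    """Post-migration check: which accounts still hold an unsalted hash?"""
    return sorted(u["name"] for u in users if is_legacy(u["hash"]))


if __name__ == "__main__":
    print("buggy run leaves:", remaining_legacy(migrate(sample_users(), skip_disabled=True)))
    print("fixed run leaves:", remaining_legacy(migrate(sample_users(), skip_disabled=False)))
```

The `remaining_legacy` query is the check worth running after any such migration: it should return an empty list regardless of the Disabled flag, and any account it names still carries a hash in the old, weaker format.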

CVE-2011-2083

Several cross-site scripting issues have been discovered.

CVE-2011-2084

Password hashes could be disclosed by privileged users.

CVE-2011-2085

Several cross-site request forgery vulnerabilities have been
found. If this update breaks your setup, you can restore the old
behaviour by setting $RestrictReferrer to 0.
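Referrer restriction is a coarse CSRF defence: a state-changing request whose Referer points at a foreign origin is refused, which is exactly what breaks integrations that submit forms from another host (hence the `$RestrictReferrer` escape hatch). The check below is an added example of that policy, written here for illustration and not taken from Request Tracker's code; the option names `restrict` and `extra_hosts`, the treatment of a missing Referer as a rejection, and the sample URLs are assumptions of this example.

```python
from typing import Iterable
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def referrer_allowed(referer: str, site_url: str, restrict: bool = True,
                     extra_hosts: Iterable[str] = ()) -> bool:
    """Return True if the Referer host matches the site (or an allowed extra host).

    restrict=False mirrors turning the option off: every referrer is accepted,
    which restores the old behaviour and with it the CSRF exposure.
    """
    if not restrict:
        return True
    if not referer:
        # Assumption for this example: no Referer at all is treated as foreign.
        return False
    got = urlsplit(referer)
    if got.scheme not in ("http", "https"):
        return False
    # netloc includes an explicit port, so 'rt.example.com:8080' != 'rt.example.com'.
    allowed = {urlsplit(site_url).netloc.lower()}
    allowed.update(h.lower() for h in extra_hosts)
    return got.netloc.lower() in allowed


def request_permitted(method: str, referer: str, site_url: str,
                      restrict: bool = True, extra_hosts: Iterable[str] = ()) -> bool:
    """Apply the referrer check only to state-changing methods; reads pass through."""
    if method.upper() in SAFE_METHODS:
        return True
    return referrer_allowed(referer, site_url, restrict, extra_hosts)


if __name__ == "__main__":
    site = "https://rt.example.com/"          # constructed site URL
    for method, ref in [("POST", "https://rt.example.com/Ticket/Update.html"),
                        ("POST", "https://attacker.example/lure.html"),
                        ("POST", ""),
                        ("GET", "https://attacker.example/lure.html")]:
        print(method, repr(ref), "->", request_permitted(method, ref, site))
```

Anyone relying on the `$RestrictReferrer 0` workaround should treat it as removing the protection rather than tuning it; the narrower fix is to allow the specific integrating host (the `extra_hosts` parameter here) and leave the restriction on.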

CVE-2011-4458

The code to support variable envelope return paths allowed the
execution of arbitrary code.

CVE-2011-4459

Disabled groups were not fully accounted as disabled.

CVE-2011-4460

SQL injection vulnerability, only exploitable by privileged users.


For the stable distribution (squeeze), these problems have been fixed in
version 3.8.8-7+squeeze2.

For the unstable distribution (sid), these problems have been fixed in
version 4.0.5-3.

We rec...

Package: request-tracker3.8
CVE ID: CVE-2011-2082 CVE-2011-2083 CVE-2011-2084 CVE-2011-2085
