
Fedora 22: Advisory on Bugzilla Cross-Site Scripting and Data Leak

fedora
January 8, 2016
A recent security patch addresses vulnerabilities related to unvalidated HTML and CSV processing in Bugzilla for Fedora, bolstering system protection.

Summary

Bugzilla is a popular bug tracking system used by multiple open source projects. It requires a database engine installed - either MySQL, PostgreSQL or Oracle. Without one of these database engines (local or remote), Bugzilla will not work - see the Release Notes for details.

Update Information:

The following security issues have been discovered in Bugzilla:

* Unfiltered HTML injected into a dependency graph could be used to create a cross-site scripting attack.
* Some web browsers incorrectly parse CSV files as valid JavaScript code, which could lead to a data leak.

This update fixes these flaws.

Change Log

References

Fedora Update Notification FEDORA-2015-caf3f74321 2016-01-07 23:40:26.815681
Name        : bugzilla
Product     : Fedora 22
Version     : 4.4.11
Release     : 1.fc22
URL         : https://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source projects. It requires a database engine installed - either MySQL, PostgreSQL or Oracle. Without one of these database engines (local or remote), Bugzilla will not work - see the Release Notes for details.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update bugzilla' at the command line. For more information, refer to "Managing Software with yum", available at .
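To confirm that a Fedora 22 host has picked up this update, the installed build can be compared with the fixed build named in the notification (4.4.11-1.fc22). The script below is an added example, not part of the Fedora advisory; the function names are hypothetical, and it assumes GNU `sort -V` ordering is a close enough stand-in for rpm's own version comparison for these version strings.

```shell
#!/bin/sh
# Added example: report whether a bugzilla package build includes the
# fixes from this advisory. Fixed build values are taken from the advisory.
FIXED_VERSION="4.4.11"
FIXED_RELEASE="1.fc22"

# ver_ge A B: succeed when A sorts at or after B under `sort -V`.
# Assumption: sort -V approximates rpm ordering for these strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# bugzilla_status VERSION-RELEASE: print "patched" or "vulnerable".
bugzilla_status() {
    if ver_ge "$1" "$FIXED_VERSION-$FIXED_RELEASE"; then
        echo patched
    else
        echo vulnerable
    fi
}

# check_host: query the local rpm database for the bugzilla package.
check_host() {
    if ! command -v rpm >/dev/null 2>&1; then
        echo "rpm-not-available"
        return 2
    fi
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' bugzilla 2>/dev/null) || {
        echo "not-installed"
        return 0
    }
    bugzilla_status "$installed"
}

# Run against the local host only when asked to: ./check.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

A result of `vulnerable` means the host still runs a build older than the one that filters dependency-graph HTML and corrects the CSV handling.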

Severity
important

