Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Fedora 22: 2015-15767 Critical Bugzilla Email Validation Issue

fedora
Calendar Grey October 28, 2015
Dist Fedora Esm H88
Patch released for Bugzilla vulnerability in Fedora 22. Resolves issues with corrupt login identifiers and enhances email verification process.
Security fix for CVE-2015-4499 A security problem was found in supported versions of Bugzilla

Summary

Bugzilla is a popular bug tracking system used by multiple open source projects

It requires a database engine installed - either MySQL, PostgreSQL or Oracle.

Without one of these database engines (local or remote), Bugzilla will not work

- see the Release Notes for details.

Update Information:

Security fix for CVE-2015-4499 A security problem was found in supported versions of Bugzilla. Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected email address. Bugzilla 4.4.10 fixes the issue for the 4.4 branch of Bugzilla.

Change Log

References


[ 1 ] Bug #1262404 - CVE-2015-4499 bugzilla: Email address is not properly validated during registration https://bugzilla.redhat.com/show_bug.cgi?id=1262404

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update bugzilla' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: bugzilla
Product: Fedora 22
Version: 4.4.10
Release: 1.fc22
Summary: Bug tracking system

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.