Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 487
Alerts This Week
Warning Icon 1 487

Fedora 23: Critical Bugzilla Email Issue Identified as 2015-15769

fedora
Calendar Grey October 5, 2015
Dist Fedora Esm H88
The recent Bugzilla patch deployed for Fedora 23 rectifies problems linked to faulty login identifiers, effectively tackling email format validation concerns across all maintained iterations.
Security fix for CVE-2015-4499 A security problem was found in supported versions of Bugzilla

Summary

Bugzilla is a popular bug tracking system used by multiple open source projects

It requires a database engine installed - either MySQL, PostgreSQL or Oracle.

Without one of these database engines (local or remote), Bugzilla will not work

- see the Release Notes for details.

Update Information:

Security fix for CVE-2015-4499 A security problem was found in supported versions of Bugzilla. Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected email address. Bugzilla 4.4.10 fixes the issue for the 4.4 branch of Bugzilla.

Change Log

References


[ 1 ] Bug #1262404 - CVE-2015-4499 bugzilla: Email address is not properly validated during registration https://bugzilla.redhat.com/show_bug.cgi?id=1262404

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update bugzilla' at the command line. For more information, refer to "Managing Software with yum", available at .

Severity
critical
Lowest
Low
Medium
High
Critical

Name: bugzilla
Product: Fedora 23
Version: 4.4.10
Release: 1.fc23
Summary: Bug tracking system

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.