
Fedora 23 Bugzilla Advisory: Security Fix for XSS and Data Leak

fedora
January 7, 2016
Vulnerabilities in Bugzilla for Fedora 23 have been patched in this release, resolving XSS and information exposure vulnerabilities.

Summary

Bugzilla is a popular bug tracking system used by multiple open source projects. It requires a database engine installed - either MySQL, PostgreSQL or Oracle. Without one of these database engines (local or remote), Bugzilla will not work - see the Release Notes for details.

Update Information:

The following security issues have been discovered in Bugzilla:

* Unfiltered HTML injected into a dependency graph could be used to create a cross-site scripting attack.
* Some web browsers incorrectly parse CSV files as valid JavaScript code, which could lead to a data leak.

This update fixes these flaws.

Change Log

References

Fedora Update Notification
FEDORA-2015-247b517a18
2016-01-07 16:45:29.330088

Name        : bugzilla
Product     : Fedora 23
Version     : 4.4.11
Release     : 1.fc23
URL         : https://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source projects. It requires a database engine installed - either MySQL, PostgreSQL or Oracle. Without one of these database engines (local or remote), Bugzilla will not work - see the Release Notes for details.

Update Instructions

This update can be installed with the "yum" update program. Use su -c 'yum update bugzilla' at the command line. For more information, refer to "Managing Software with yum", available at .
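To confirm after updating that a host carries the fixed build, the following check compares the installed Version-Release against 4.4.11-1.fc23 from this advisory. It is an added example, not part of the Fedora notification; the function names are hypothetical and GNU `sort -V` is assumed as an approximation of RPM's version ordering.

```shell
#!/bin/sh
# Added example: is the installed bugzilla package at or above the fixed
# build named in this advisory?
FIXED_EVR="4.4.11-1.fc23"   # Version-Release taken from the advisory

# evr_at_least INSTALLED FIXED -> exit status 0 if INSTALLED >= FIXED.
# Assumption: `sort -V` ordering stands in for RPM's own comparison; it is
# adequate for plain numeric versions such as these (no epoch handling).
evr_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# bugzilla_status [EVR] -> prints "patched", "vulnerable" or "not-installed".
# With no argument it queries the local RPM database.
bugzilla_status() {
    evr=${1-}
    if [ -z "$evr" ]; then
        command -v rpm >/dev/null 2>&1 || { echo "not-installed"; return 0; }
        evr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' bugzilla 2>/dev/null) || {
            echo "not-installed"; return 0; }
    fi
    if evr_at_least "$evr" "$FIXED_EVR"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Constructed sample values (not taken from any real host). A plain string
# comparison would wrongly rank 4.4.9 above 4.4.11; version sort does not.
for sample in 4.4.9-2.fc23 4.4.10-1.fc23 4.4.11-1.fc23 4.4.12-1.fc23; do
    printf '%-16s %s\n' "$sample" "$(bugzilla_status "$sample")"
done
```

Calling `bugzilla_status` with no argument on a Fedora host reports the state of the locally installed package.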

Severity
important

