Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Gentoo: GLSA-201006-19 Moderate: Bugzilla Multiple Threats

gentoo
Calendar Grey June 4, 2010
Dist Gentoo Esm H88
Revise Bugzilla to address several moderate risk vulnerabilities and enhance the security of your Gentoo operating system efficiently.
Bugzilla is prone to multiple medium severity vulnerabilities.

Summary

Multiple vulnerabilities have been reported in Bugzilla. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory gentoo medium severity sql injection xss bugzilla csrf

Resolution

All Bugzilla users should upgrade to an unaffected version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.2.6"
Bugzilla 2.x and 3.0 have reached their end of life. There will be no more security updates. All Bugzilla 2.x and 3.0 users should update to a supported Bugzilla 3.x version.

References

[ 1 ] CVE-2008-4437 https://www.cve.org/CVERecord?id=CVE-2008-4437 [ 2 ] CVE-2008-6098 https://www.cve.org/CVERecord?id=CVE-2008-6098 [ 3 ] CVE-2009-0481 https://www.cve.org/CVERecord?id=CVE-2009-0481 [ 4 ] CVE-2009-0482 https://www.cve.org/CVERecord?id=CVE-2009-0482 [ 5 ] CVE-2009-0483 https://www.cve.org/CVERecord?id=CVE-2009-0483 [ 6 ] CVE-2009-0484 https://www.cve.org/CVERecord?id=CVE-2009-0484 [ 7 ] CVE-2009-0485 https://www.cve.org/CVERecord?id=CVE-2009-0485 [ 8 ] CVE-2009-0486 https://www.cve.org/CVERecord?id=CVE-2009-0486 [ 9 ] CVE-2009-1213 https://www.cve.org/CVERecord?id=CVE-2009-1213 [ 10 ] CVE-2009-3125 https://www.cve.org/CVERecord?id=CVE-2009-3125 [ 11 ] CVE-2009-3165 https://www.cve.org/CVERecord?id=CVE-2009-3165 [ 12 ] CVE-2009-3166 https://www.cve.org/CVERecord?id=CVE-2009-3166 [ 13 ] CVE-2009-3387 https://www.cve.org/CVERecord?id=CV...

Read the Full Advisory

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201006-19
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: Bugzilla: Multiple vulnerabilities
Date: June 04, 2010
Bugs: #239564, #258592, #264572, #284824, #303437, #303725
ID: 201006-19:02

Topics%20covered

Topics Covered

security advisory gentoo medium severity sql injection xss bugzilla csrf

Synopsis

Bugzilla is prone to multiple medium severity vulnerabilities.

Background

Bugzilla is a bug tracking system from the Mozilla project.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/bugzilla < 3.2.6 >= 3.2.6

Impact

===== A remote attacker might be able to disclose local files, bug information, passwords, and other data under certain circumstances. Furthermore, a remote attacker could conduct SQL injection, Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) attacks via various vectors.

Workaround

There is no known workaround at this time.

Related News

Your message here