A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to extract confidential information from a bug the victim had access to. This security bug has been published as CVE-2018-5123. This update contains Bugzilla 5.0.4, which fixes the issue.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2018-1e0e37e148
2018-03-06 17:17:51.853788
--------------------------------------------------------------------------------
Name        : bugzilla
Product     : Fedora 27
Version     : 5.0.4
Release     : 1.fc27
URL         : https://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source
projects. It requires a database engine installed - either MySQL, PostgreSQL
or Oracle. Without one of these database engines (local or remote), Bugzilla
will not work - see the Release Notes for details.
--------------------------------------------------------------------------------
Update Information:

A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party site to
extract confidential information from a bug the victim had access to. This
security bug has been published as CVE-2018-5123. This update contains Bugzilla
5.0.4, which fixes the issue.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1438957 - icons are missing on bugzilla's front page
        https://bugzilla.redhat.com/show_bug.cgi?id=1438957
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade bugzilla' at the command line.
For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
package-announce mailing list
Multiple vulnerabilities have been found in Bugzilla, the worst of which could lead to the escalation of privileges.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                 Gentoo Linux Security Advisory           GLSA 201607-11
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Bugzilla: Multiple vulnerabilities
      Date: July 20, 2016
      Bugs: #524316, #537448, #560406, #583236
        ID: 201607-11

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in Bugzilla, the worst of
which could lead to the escalation of privileges.

Background
==========

Bugzilla is the bug-tracking system from the Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla            < 5.0.3                  *>= 4.4.12
                                                            >= 5.0.3

Description
===========

Multiple vulnerabilities have been discovered in Bugzilla. Please
review the CVE identifiers referenced below for details.

Impact
======

Privileged account holders could execute system level commands, and
the new user process could be exploited to allow for the escalation of
privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Bugzilla 4.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-4.4.12"

All Bugzilla 5.x users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-5.0.3"

References
==========

[ 1 ] CVE-2014-1572
      https://www.cve.org/CVERecord?id=CVE-2014-1572
[ 2 ] CVE-2014-1573
      https://www.cve.org/CVERecord?id=CVE-2014-1573
[ 3 ] CVE-2014-8630
      https://www.cve.org/CVERecord?id=CVE-2014-8630

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 https://security.gentoo.org/glsa/201607-11

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
The following security issues have been discovered in Bugzilla: * Unfiltered HTML injected into a dependency graph could be used to create a cross-site scripting attack. * Some web browsers incorrectly parse CSV files as valid JavaScript code, which could lead to a data leak. This update fixes these flaws.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-caf3f74321
2016-01-07 23:40:26.815681
--------------------------------------------------------------------------------
Name        : bugzilla
Product     : Fedora 22
Version     : 4.4.11
Release     : 1.fc22
URL         : https://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source
projects. It requires a database engine installed - either MySQL, PostgreSQL
or Oracle. Without one of these database engines (local or remote), Bugzilla
will not work - see the Release Notes for details.
--------------------------------------------------------------------------------
Update Information:

The following security issues have been discovered in Bugzilla:

  * Unfiltered HTML injected into a dependency graph could be used to create
    a cross-site scripting attack.
  * Some web browsers incorrectly parse CSV files as valid JavaScript code,
    which could lead to a data leak.

This update fixes these flaws.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
The following security issues have been discovered in Bugzilla: * Unfiltered HTML injected into a dependency graph could be used to create a cross-site scripting attack. * Some web browsers incorrectly parse CSV files as valid JavaScript code, which could lead to a data leak. This update fixes these flaws.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-247b517a18
2016-01-07 16:45:29.330088
--------------------------------------------------------------------------------
Name        : bugzilla
Product     : Fedora 23
Version     : 4.4.11
Release     : 1.fc23
URL         : https://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source
projects. It requires a database engine installed - either MySQL, PostgreSQL
or Oracle. Without one of these database engines (local or remote), Bugzilla
will not work - see the Release Notes for details.
--------------------------------------------------------------------------------
Update Information:

The following security issues have been discovered in Bugzilla:

  * Unfiltered HTML injected into a dependency graph could be used to create
    a cross-site scripting attack.
  * Some web browsers incorrectly parse CSV files as valid JavaScript code,
    which could lead to a data leak.

This update fixes these flaws.
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Security fix for CVE-2015-4499. A security problem was found in supported versions of Bugzilla. Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected email address. Bugzilla 4.4.10 fixes the issue for the 4.4 branch of Bugzilla.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-15767
2015-10-28 16:02:18.285831
--------------------------------------------------------------------------------
Name        : bugzilla
Product     : Fedora 22
Version     : 4.4.10
Release     : 1.fc22
URL         : https://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source
projects. It requires a database engine installed - either MySQL, PostgreSQL
or Oracle. Without one of these database engines (local or remote), Bugzilla
will not work - see the Release Notes for details.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-4499

A security problem was found in supported versions of Bugzilla. Login names
longer than 127 characters can be corrupted, which could lead to the creation
of a user account with an unexpected email address. Bugzilla 4.4.10 fixes the
issue for the 4.4 branch of Bugzilla.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262404 - CVE-2015-4499 bugzilla: Email address is not properly
        validated during registration
        https://bugzilla.redhat.com/show_bug.cgi?id=1262404
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
Security fix for CVE-2015-4499. A security problem was found in supported versions of Bugzilla. Login names longer than 127 characters can be corrupted, which could lead to the creation of a user account with an unexpected email address. Bugzilla 4.4.10 fixes the issue for the 4.4 branch of Bugzilla.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-15768
2015-10-28 16:02:15.250593
--------------------------------------------------------------------------------
Name        : bugzilla
Product     : Fedora 21
Version     : 4.4.10
Release     : 1.fc21
URL         : https://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source
projects. It requires a database engine installed - either MySQL, PostgreSQL
or Oracle. Without one of these database engines (local or remote), Bugzilla
will not work - see the Release Notes for details.
--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2015-4499

A security problem was found in supported versions of Bugzilla. Login names
longer than 127 characters can be corrupted, which could lead to the creation
of a user account with an unexpected email address. Bugzilla 4.4.10 fixes the
issue for the 4.4 branch of Bugzilla.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1262404 - CVE-2015-4499 bugzilla: Email address is not properly
        validated during registration
        https://bugzilla.redhat.com/show_bug.cgi?id=1262404
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update bugzilla' at the command line.
For more information, refer to "Managing Software with yum", available at .

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/security/
--------------------------------------------------------------------------------
The package bugzilla before version 5.0.1-1 is vulnerable to unauthorized account creation.

Arch Linux Security Advisory ASA-201510-4
=========================================

Severity: High
Date    : 2015-10-08
CVE-ID  : CVE-2015-4499
Package : bugzilla
Type    : unauthorized account creation
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======

The package bugzilla before version 5.0.1-1 is vulnerable to unauthorized
account creation.

Resolution
==========

Upgrade to 5.0.1-1.

# pacman -Syu "bugzilla>=5.0.1-1"

The problem has been fixed upstream in version 5.0.1.

Workaround
==========

None.

Description
===========

Login names (usually an email address) longer than 127 characters are silently
truncated in MySQL, which could cause the domain name of the email address to
be corrupted. An attacker could use this vulnerability to create an account
with an email address different from the one originally requested. The login
name could then be automatically added to groups based on the group's regular
expression setting. This vulnerability has been demonstrated by truncation of
an @mozilla.com.example.com address to an @mozilla.com address, which resulted
in an unauthorized account creation with the default privileges of the mozilla
group.

Impact
======

A remote attacker is able to obtain default privileges for an arbitrary domain
name by placing that name in a substring of an address, resulting in
unauthorized account creation.

References
==========

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4499
https://www.bugzilla.org/security/4.2.14/
https://bugzilla.mozilla.org/show_bug.cgi?id=1202447
https://bugs.archlinux.org/task/46573
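The truncation mechanism behind CVE-2015-4499, as described in the Arch advisory above and in the two Fedora 4.4.10 notices, as an added example. This is not code from Bugzilla or from any of the distributions: it models a 127-character login column, MySQL's silent truncation of over-long strings when strict mode is off, and a group whose membership is granted by a regular expression on the stored login name, then shows why the full crafted address never matches the group while its truncated form does, and the registration-time length check that closes the hole. The column width of 127 (the advisory's threshold), the group regexp `@mozilla\.com$`, the attacker domain `attacker.example`, the email shape check and all function names are assumptions for the demonstration; Bugzilla's real schema, validation and fix are not reproduced.

```python
import re

# Assumed: the login column holds at most 127 characters, the threshold the
# advisory names. Bugzilla's real schema is not reproduced here.
LOGIN_MAX = 127

# Assumed: a group that auto-grants membership to any login matching this
# regexp (the "group regular expression setting" the advisory mentions).
GROUP_REGEXP = re.compile(r"@mozilla\.com$")

# Assumed stand-in for the registration form's address validation. The full
# crafted address passes it because it is a well-formed mailbox whose real
# domain (mozilla.com.attacker.example) is a subdomain the attacker controls,
# so a confirmation mail sent to the full address still reaches the attacker.
EMAIL_RE = re.compile(r"^[\w.+\-=']+@[\w.\-]+\.[\w\-]+$")


def mysql_nonstrict_store(value, width):
    """Model MySQL without STRICT_TRANS_TABLES: a string longer than the
    column width is silently cut to `width` characters instead of raising."""
    return value[:width]


def craft_login(target_domain, attacker_domain, width=LOGIN_MAX):
    """Build an address whose first `width` characters end exactly in
    '@target_domain' while the characters after that position carry the
    attacker's own domain. Padding the local part is what lines the
    target domain up with the truncation boundary."""
    suffix = "@" + target_domain
    local_part = "a" * (width - len(suffix))
    return local_part + suffix + "." + attacker_domain


def groups_for(login):
    """Group membership derived from the login exactly as stored."""
    return ["mozilla"] if GROUP_REGEXP.search(login) else []


def register_vulnerable(login):
    """Pre-fix flow: validate the shape of what was submitted, then let the
    database shorten it. The row that ends up in the table is not the
    address that was validated or mailed."""
    if not EMAIL_RE.match(login):
        raise ValueError("malformed address")
    stored = mysql_nonstrict_store(login, LOGIN_MAX)
    return stored, groups_for(stored)


def register_fixed(login):
    """Hardened flow: reject anything the column cannot hold before the
    INSERT, so the stored login is byte-for-byte the validated one."""
    if not EMAIL_RE.match(login):
        raise ValueError("malformed address")
    if len(login) > LOGIN_MAX:
        raise ValueError("login name longer than %d characters" % LOGIN_MAX)
    return login, groups_for(login)


if __name__ == "__main__":
    crafted = craft_login("mozilla.com", "attacker.example")
    print(len(crafted), groups_for(crafted))   # full address grants no group
    stored, groups = register_vulnerable(crafted)
    print(stored[-12:], groups)                # truncated copy lands in "mozilla"
    try:
        register_fixed(crafted)
    except ValueError as err:
        print("rejected:", err)
```

The check in `register_fixed` belongs in the application because MySQL's behaviour depends on `sql_mode`: with `STRICT_TRANS_TABLES` the over-long INSERT errors out, without it the value is cut and the statement succeeds with only a warning, so the application cannot rely on the database to refuse the row. The same discipline applies to any column whose value is later fed to an authorization decision: validate the length against the schema, not just the format.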
Multiple vulnerabilities were found in Bugzilla, the worst of which could lead to privilege escalation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                 Gentoo Linux Security Advisory            GLSA 21f5d5f72
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                           https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

  Severity: Normal
     Title: Bugzilla: Multiple vulnerabilities
      Date: October 09, 2011
      Bugs: #352781, #380255, #386203
        ID: 21f5d5f72

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities were found in Bugzilla, the worst of which
could lead to privilege escalation.

Background
==========

Bugzilla is the bug-tracking system from the Mozilla project.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-apps/bugzilla            < 3.6.6                   >= 3.6.6

Description
===========

Multiple vulnerabilities have been discovered in Bugzilla. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could conduct cross-site scripting attacks, conduct
script insertion and spoofing attacks, hijack the authentication of
arbitrary users, inject arbitrary HTTP headers, obtain access to
arbitrary accounts, disclose the existence of confidential groups and
their names, or inject arbitrary e-mail headers. A local attacker could
disclose the contents of temporary files for uploaded attachments.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Bugzilla users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/bugzilla-3.6.6"

NOTE: This is a legacy GLSA. Updates for all affected architectures are
available since August 27, 2011. It is likely that your system is
already no longer affected by this issue.

References
==========

[ 1 ] CVE-2010-2761
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2761
[ 2 ] CVE-2010-3172
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3172
[ 3 ] CVE-2010-3764
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3764
[ 4 ] CVE-2010-4411
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4411
[ 5 ] CVE-2010-4567
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4567
[ 6 ] CVE-2010-4568
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4568
[ 7 ] CVE-2010-4569
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4569
[ 8 ] CVE-2010-4570
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4570
[ 9 ] CVE-2010-4572
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4572
[ 10 ] CVE-2011-0046
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0046
[ 11 ] CVE-2011-0048
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0048
[ 12 ] CVE-2011-2379
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2379
[ 13 ] CVE-2011-2380
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2380
[ 14 ] CVE-2011-2381
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2381
[ 15 ] CVE-2011-2976
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2976
[ 16 ] CVE-2011-2977
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2977
[ 17 ] CVE-2011-2978
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2978
[ 18 ] CVE-2011-2979
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2979

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to