Security Holes: Bugzilla Recommends Update

Aug 27, 2007

The developers of the free bug tracking system, Bugzilla, advise users of older versions to update for security reasons.

Various branches of the Web-based system maintained by the project are affected: one vulnerability allows attackers exploit the "buildid" entry of a form for bug reporting to launch a cross-site scripting attack. Additionally, a call to "Email::Send::Sendmail()" can be exploited to inject malicious code.
Finally, a bug in the Web service interface (XML-RPC) gives a user access the time tracking entries for all reported bugs, even if the user does not have appropriate privileges.

The developers advise users with version 2.20.x or 2.22.x to update to version 2.20.5 or 2.22.3 respectively. Users with version 3.0 or 2.18.x should move to version 3.0.1. More recent versions are not affected by the bugs. Bugzilla offers a download here.

Related content

comments powered by Disqus

Issue 19: Linux Shell Handbook 5th Ed./Special Editions

Buy this issue as a PDF

Digital Issue: Price $15.99
(incl. VAT)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia