Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31357
HistoryNov 03, 2014 - 12:00 a.m.

[ MDVSA-2014:200 ] bugzilla

2014-11-0300:00:00
vulners.com
33
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:200
http://www.mandriva.com/en/support/security/

Package : bugzilla
Date : October 21, 2014
Affected: Business Server 1.0

Problem Description:

Updated bugzilla packages fix security vulnerabilities:

If a new comment was marked private to the insider group, and a flag
was set in the same transaction, the comment would be visible to flag
recipients even if they were not in the insider group (CVE-2014-1571).

An attacker creating a new Bugzilla account can override certain
parameters when finalizing the account creation that can lead to the
user being created with a different email address than originally
requested. The overridden login name could be automatically added to
groups based on the group's regular expression setting (CVE-2014-1572).

During an audit of the Bugzilla code base, several places were found
where cross-site scripting exploits could occur which could allow an
attacker to access sensitive information (CVE-2014-1573).

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1571
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1572
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1573
http://advisories.mageia.org/MGASA-2014-0412.html

Updated Packages:

Mandriva Business Server 1/X86_64:
82519cd1ae8e30bd8666177ef6d3ca7a mbs1/x86_64/bugzilla-4.2.11-1.mbs1.noarch.rpm
1125bb52dca150266d3158885046b779 mbs1/x86_64/bugzilla-contrib-4.2.11-1.mbs1.noarch.rpm
599d60fb857f0f7fab476c5601cea828 mbs1/SRPMS/bugzilla-4.2.11-1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFURg3jmqjQ0CJFipgRAopCAJ0a4tEDNGcSpqvuvXXzLSCKMIJxsgCfbE2J
69zUcm+AVnN8HSOcexqodeQ=
=HGiL
-----END PGP SIGNATURE-----

Related

nessus 9
fedora 5
securityvulns 2
openvas 6
freebsd 2
mageia 1
gentoo 1
thn 1
ubuntucve 4
prion 4
checkpoint_advisories 1
cve 4
debiancve 1
nessus
nessus
Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities
2014-10-06 00:00:00
FreeBSD : Bugzilla multiple security issues (b6587341-4d88-11e4-aef9-20cf30e32f6d)
2014-10-07 00:00:00
Bugzilla < 4.0.15 / 4.2.11 / 4.4.6 / 4.5.6 Multiple Vulnerabilities
2015-02-09 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: bugzilla-4.4.6-1.fc21
2014-11-01 17:10:00
[SECURITY] Fedora 20 Update: bugzilla-4.2.11-1.fc20
2014-10-22 08:51:49
[SECURITY] Fedora 19 Update: bugzilla-4.2.11-1.fc19
2014-10-22 08:50:36
securityvulns
securityvulns
Security advisory for Bugzilla 4.5.6, 4.4.6, 4.2.11, and 4.0.15
2014-10-14 00:00:00
Web applications security vulnerabilities summary &#40;PHP, ASP, JSP, CGI, Perl&#41;
2014-11-03 00:00:00
openvas
openvas
Fedora Update for bugzilla FEDORA-2014-12530
2014-10-23 00:00:00
Mageia: Security Advisory (MGASA-2014-0412)
2022-01-28 00:00:00
Fedora Update for bugzilla FEDORA-2014-12584
2014-10-23 00:00:00
freebsd
freebsd
Bugzilla multiple security issues
2014-10-06 00:00:00
ikiwiki -- multiple vulnerabilities
2016-12-19 00:00:00
mageia
mageia
Updated bugzilla packages fix security vulnerabilities
2014-10-09 18:39:32
gentoo
gentoo
Bugzilla: Multiple vulnerabilities
2016-07-20 00:00:00
thn
thn
Zero-Day in Bugzilla Exposes Zero-Day Vulnerabilities to Hackers
2014-10-06 22:37:00
ubuntucve
ubuntucve
CVE-2014-1572
2014-10-13 00:00:00
CVE-2014-1573
2014-10-13 00:00:00
CVE-2014-1571
2014-10-13 00:00:00
prion
prion
Cross site scripting
2014-10-13 01:55:00
Design/Logic Flaw
2014-10-13 01:55:00
Design/Logic Flaw
2014-10-13 01:55:00
checkpoint_advisories
checkpoint_advisories
Bugzilla Privilege Escalation - Email Validation Bypass (CVE-2014-1572)
2014-10-02 00:00:00
cve
cve
CVE-2014-1572
2014-10-13 01:55:00
CVE-2014-1573
2014-10-13 01:55:00
CVE-2014-1571
2014-10-13 01:55:00
debiancve
debiancve
CVE-2016-9646
2018-04-13 15:29:00
JSON
Related for SECURITYVULNS:DOC:31357
nessus9fedora5securityvulns2openvas6freebsd2mageia1gentoo1thn1ubuntucve4prion4checkpoint_advisories1cve4debiancve1