|
|
|
| Digg |
|
|
|
The developers of the free bug tracking system, Bugzilla, advise users of older versions to update for security reasons.
Various branches of the Web-based system maintained by the project are affected: one vulnerability allows attackers exploit the "buildid" entry of a form for bug reporting to launch a cross-site scripting attack. Additionally, a call to "Email::Send::Sendmail()" can be exploited to inject malicious code.
Finally, a bug in the Web service interface (XML-RPC) gives a user access the time tracking entries for all reported bugs, even if the user does not have appropriate privileges.
The developers advise users with version 2.20.x or 2.22.x to update to version 2.20.5 or 2.22.3 respectively. Users with version 3.0 or 2.18.x should move to version 3.0.1. More recent versions are not affected by the bugs. Bugzilla offers a download here.
|
|
|
| Special Linux Magazine 3 for 1 Offer |
|---|
|
Get 3 Issues + 3 DVDs for the price of a single issue! Let Linux Magazine's hands-on, technical articles guide you in your daily Linux use. Check out bonus DVDs like Ubuntu, SUSE, or Fedora and save the download. Only available for a limited time. Don't miss out! |
Comments