Advisories » MGASA-2014-0200

Updated bugzilla package fixes CVE-2014-1517

Publication date: 02 May 2014
Modification date: 02 May 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-1517

Description

Updated bugzilla packages fix security vulnerability:

The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before
4.5.3 does not properly handle a correctly authenticated but unintended
login attempt, which makes it easier for remote authenticated users to
obtain sensitive information by arranging for a victim to login to the
attacker's account and then submit a vulnerability report, related to a
"login CSRF" issue (CVE-2014-1517).
                

References

• http://www.bugzilla.org/security/4.0.11/
• http://www.bugzilla.org/releases/4.4.4/release-notes.html
• https://lists.fedoraproject.org/pipermail/package-announce/2014-April/132309.html
• https://bugs.mageia.org/show_bug.cgi?id=10897
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1517

SRPMS

4/core

• bugzilla-4.4.4-1.1.mga4