Advisories » MGASA-2018-0173

Updated bugzilla packages fix security vulnerability

Publication date: 19 Mar 2018
Modification date: 19 Mar 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-5123

Description

A CSRF vulnerability in Bugzilla's report.cgi would allow a third-party
site to extract confidential information from a bug the victim had
access to (CVE-2018-5123).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22735
• https://www.bugzilla.org/security/4.4.12/
• https://www.bugzilla.org/releases/5.0.4/
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/P5C2KWZ264F2MRWTJ2AJWMBZX7MOKV4W/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5123

SRPMS

6/core

• bugzilla-5.0.4-1.mga6