07 May 2008, 09:46

Vulnerabilities in bug tracking system Bugzilla fixed

The latest update to the widely distributed Bugzilla open source bug tracking system fixes multiple vulnerabilities. In a security advisory the development team report three security holes that could be exploited by attackers to carry out cross-site scripting attacks. These would allow the status of a bug to be changed without the required privileges or the reporter of a bug to be faked.

The bugs affect Bugzilla prior to versions 2.20.6, 2.22.4, 3.0.4 and 3.1.4. Source code packages and patches for specific version branches can be downloaded from the project website. Linux distributors should also be distributing updated packages shortly, which Bugzilla administrators should install as soon as possible.

Channels

Services

Vulnerabilities in bug tracking system Bugzilla fixed

Also on The H:

Kernel Log: Coming in 3.10 (Part 4) - Drivers

The trouble with "Business Source"

Kernel Log: Coming in 3.10 (Part 3) - Infrastructure

Whatever happened to Google?

What's new in SUSE Linux Enterprise 11 SP3

What's new in Fedora 19

What's new in Linux 3.10

Free Software post-PRISM

Content Security Policy halts XSS in its tracks

Skype's ominous link checking: Facts and speculation

Password protection for everyone

Two clicks for more privacy

Java EE 7 at a glance

Continuous database migration with Liquibase and Flyway

Unit testing with Node.js

Ruby 2.0 - the 20th birthday present

Linux Mint 15: A better Ubuntu for the desktop

What's new in Linux 3.9

Replacing Google Reader

Attacking TrueCrypt

The H

The H Open

The H Security

The H Developer

The H Internet Toolkit