7 May 2008, 10:46

Vulnerabilities in bug tracking system Bugzilla fixed

The latest update to the widely distributed Bugzilla open source bug tracking system fixes multiple vulnerabilities. In a security advisory the development team report three security holes that could be exploited by attackers to carry out cross-site scripting attacks. These would allow the status of a bug to be changed without the required privileges or the reporter of a bug to be faked.

The bugs affect Bugzilla prior to versions 2.20.6, 2.22.4, 3.0.4 and 3.1.4. Source code packages and patches for specific version branches can be downloaded from the project website. Linux distributors should also be distributing updated packages shortly, which Bugzilla administrators should install as soon as possible.

Also on The H:

Share this article

Vulnerabilities in bug tracking system Bugzilla fixed

Also on The H:

Booting up: Tools and tips for systemd

Kernel Log: Coming in 3.4 (Part 3) - Graphics drivers

Control Centre: The systemd Linux init system

Kernel Log: Coming in 3.4 (Part 2) - Filesystems, storage and drivers

Kernel Log: Coming in 3.4 (Part 1) - Infrastructure

Monopoly madness

What's new in Linux 3.4

A Practical Internet of Things

Microsoft's struggle against bugs

CSI:Internet - Open heart surgery

CSI:Internet - A trip into RAM

The H Update Check

What's new in Linux 3.3

Building a GSM network with open source

CSI:Internet - Controlled from the beyond

Price Insight Top 10 powered by Skinflint

The H

The H open source

The H Security

The H Internet Toolkit