Arbitrary command execution in Bugzilla
ID: | FEDORA-2015-1713 |
Distribution: | Fedora |
Platforms: | Fedora 21 |
Date: | Sun, 15 February 2015, 11:29 |
References: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8630 |
Applications: | Bugzilla |
Original message |
|
Name        : bugzilla
Product     : Fedora 21
Version     : 4.4.8
Release     : 1.fc21.1
URL         : http://www.bugzilla.org/
Summary     : Bug tracking system
Description :
Bugzilla is a popular bug tracking system used by multiple open source projects.
It requires a database engine installed - either MySQL, PostgreSQL or Oracle.
Without one of these database engines (local or remote), Bugzilla will not work
- see the Release Notes for details.

--------------------------------------------------------------------------------
Update Information:

This is a security update for Bugzilla which fixes two issues:

* A user with editcomponents permissions could possibly inject system commands in product names and possibly other attributes.
* Methods from imported modules could possibly be executed using the WebService API.

The first issue is tracked as CVE-2014-8630. See https://www.bugzilla.org/security/4.0.15/ for all the details.

--------------------------------------------------------------------------------
ChangeLog:

* Sat Jan 31 2015 Emmanuel Seyman |