Bugzilla XSS Vulnerability (CVE-2014-1573)

Bugzilla XSS Vulnerability (CVE-2014-1573)

Release date: 2014-10-09
Updated on: 2014-10-09

Affected Systems:
Bugzilla 4.5.1-4.5.5
Bugzilla 4.3.1-4.4.5
Bugzilla 4.1.1-4.2.10
Bugzilla 2.17.1-4.0.14
Unaffected system:
Bugzilla 4.5.6
Bugzilla 4.4.6
Bugzilla 4.2.11
Bugzilla 4.0.15
Description:
CVE (CAN) ID: CVE-2014-1573

Bugzilla is an open-source defect tracking system that manages the entire lifecycle of defects in software development, such as submitting, repairing, and disabling defects. It is widely used in open-source projects, such as Apache Software Foundation, Linux kernel, LibreOffice, OpenOffice, OpenSSH, Eclipse, KDE, GNOME, and various Linux releases.

Bugzilla has a cross-site scripting vulnerability in the code library audit implementation, allowing attackers to obtain sensitive information.

<* Source: Check Point Software Technologies
Simon Green
Byron Jones
James Kettle
Netanel Rubin
Frederic Buclin
Matt Tyson
David Lawrence

Link: http://www.bugzilla.org/security/4.0.14/
*>

Suggestion:
Vendor patch:

Bugzilla
--------
For this reason, Bugzilla has released a Security Bulletin (4.0.14) and corresponding patches:
4.0.14: 4.0.14, 4.2.10, 4.4.5, and 4.5.5 Security Advisory
Link: http://www.bugzilla.org/security/4.0.14/

Patch download: http://www.bugzilla.org/download/

Reference: https://bugzilla.mozilla.org/show_bug.cgi? Id = 1075578

Release of all Bugzilla updates to fix important vulnerabilities

Install Bugzilla 4.2 On Fedora 16

Bugzilla Installation Process

Configure Bugzilla in Debian7 & Ubuntu 13.10

For details about Bugzilla, click here
For Bugzilla: click here

This article permanently updates the link address: