Gentoo Archives: gentoo-commits

From: "Raphael Marichez (falco)" <falco@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200709-18.xml
Date: Sun, 30 Sep 2007 20:31:58
Message-Id: E1Ic5Jf-0005aj-FD@stork.gentoo.org
1 falco 07/09/30 20:23:03
2
3 Added: glsa-200709-18.xml
4 Log:
5 GLSA 200709-18
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-200709-18.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200709-18.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200709-18.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-200709-18.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200709-18">
21 <title>Bugzilla: Multiple vulnerabilities</title>
22 <synopsis>
23 Bugzilla contains several vulnerabilities, some of them possibly leading to
24 the remote execution of arbitrary code.
25 </synopsis>
26 <product type="ebuild">bugzilla</product>
27 <announced>September 30, 2007</announced>
28 <revised>September 30, 2007: 01</revised>
29 <bug>190112</bug>
30 <access>remote</access>
31 <affected>
32 <package name="www-apps/bugzilla" auto="yes" arch="*">
33 <unaffected range="rge">2.20.5</unaffected>
34 <unaffected range="rge">2.22.3</unaffected>
35 <unaffected range="ge">3.0.1</unaffected>
36 <vulnerable range="lt">3.0.1</vulnerable>
37 </package>
38 </affected>
39 <background>
40 <p>
41 Bugzilla is a web application designed to help with managing software
42 development.
43 </p>
44 </background>
45 <description>
46 <p>
47 Masahiro Yamada found that from the 2.17.1 version, Bugzilla does not
48 properly sanitize the content of the "buildid" parameter when filing
49 bugs (CVE-2007-4543). The next two vulnerabilities only affect Bugzilla
50 2.23.3 or later, hence the stable Gentoo Portage tree does not contain
51 these two vulnerabilities: Loic Minier reported that the
52 "Email::Send::Sendmail()" function does not properly sanitise "from"
53 email information before sending it to the "-f" parameter of
54 /usr/sbin/sendmail (CVE-2007-4538), and Frédéric Buclin discovered
55 that the XML-RPC interface does not correctly check permissions in the
56 time-tracking fields (CVE-2007-4539).
57 </p>
58 </description>
59 <impact type="high">
60 <p>
61 A remote attacker could trigger the "buildid" vulnerability by sending
62 a specially crafted form to Bugzilla, leading to a persistent XSS, thus
63 allowing for theft of credentials. With Bugzilla 2.23.3 or later, an
64 attacker could also execute arbitrary code with the permissions of the
65 web server by injecting a specially crafted "from" email address and
66 gain access to normally restricted time-tracking information through
67 the XML-RPC service.
68 </p>
69 </impact>
70 <workaround>
71 <p>
72 There is no known workaround at this time.
73 </p>
74 </workaround>
75 <resolution>
76 <p>
77 All Bugzilla users should upgrade to the latest version:
78 </p>
79 <code>
80 # emerge --sync
81 # emerge --ask --oneshot --verbose www-apps/bugzilla</code>
82 </resolution>
83 <references>
84 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4538">CVE-2007-4538</uri>
85 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4539">CVE-2007-4539</uri>
86 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4543">CVE-2007-4543</uri>
87 </references>
88 <metadata tag="requester" timestamp="Wed, 12 Sep 2007 09:19:32 +0000">
89 p-y
90 </metadata>
91 <metadata tag="submitter" timestamp="Thu, 13 Sep 2007 16:25:04 +0000">
92 falco
93 </metadata>
94 <metadata tag="bugReady" timestamp="Fri, 14 Sep 2007 08:36:10 +0000">
95 falco
96 </metadata>
97 </glsa>
98
99
100
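Review bot: In the <impact> paragraph, the last sentence joins two separate issues with "and", so it reads as if the crafted "from" address is also what exposes the time-tracking data. The <description> attributes code execution to the unsanitised "from" value passed to the "-f" parameter of sendmail (CVE-2007-4538) and the time-tracking exposure to a missing permission check in the XML-RPC interface (CVE-2007-4539); splitting the sentence in two would keep the causes distinct. The <description> also states that both issues only affect 2.23.3 or later and are absent from the stable tree, yet the <synopsis> and the "high" impact type lead with remote code execution; a short qualifier in <impact> saying which consequences apply to stable installs would help readers triage. Minor: the <description> uses both "sanitize" and "sanitise"; pick one spelling.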
101 --
102 gentoo-commits@g.o mailing list