| Summary: | <www-apps/bugzilla-{4.2.9,4.4.4}: Comments Control Characters Spoofing Vulnerability (CVE-2014-1517) | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> | ||||
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | minor | CC: | andrew, creffett, proxy-maint, web-apps | ||||
| Priority: | Normal | ||||||
| Version: | unspecified | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| URL: | https://secunia.com/advisories/58059/ | ||||||
| Whiteboard: | B3 [noglsa] | ||||||
| Package list: | Runtime testing required: | --- | |||||
| Attachments: |
|
||||||
I have tested revbumps for 4.2.9 and 4.4.4 and the appropriate ebuilds (4.2.7 and 4.4.1) work fine with a simple rename. For 4.0.13, there is a dependency change. I have attached an updated ebuild; alternatively, the change to be made is: - dev-perl/Math-Random-ISAAC + dev-perl/Math-Random-Secure creffett can you please commit the updated versions and then request stabilization for 4.2.9 and 4.4.4 (4.0.11 is not stabilized so 4.0.13 does not need to be stabilized). Created attachment 375518 [details]
bugzilla 4.0.13 ebuild
Arches, please test and stabilize: =www-apps/bugzilla-4.2.9 =www-apps/bugzilla-4.4.4 Target arches: amd64 x86. Thanks! amd64 stable x86 stable. Maintainer(s), please cleanup. Security, please vote. Cleanup done. GLSA vote: no. GLSA vote: no. Closing as [noglsa]. CVE-2014-1517 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-1517): The login form in Bugzilla 2.x, 3.x, 4.x before 4.4.3, and 4.5.x before 4.5.3 does not properly handle a correctly authenticated but unintended login attempt, which makes it easier for remote authenticated users to obtain sensitive information by arranging for a victim to login to the attacker's account and then submit a vulnerability report, related to a "login CSRF" issue. |
From ${URL} : Description A vulnerability has been reported in Bugzilla, which can be exploited by malicious users to conduct spoofing attacks. Certain input related to comments is not properly sanitised before being returned to the user. This can be exploited to insert certain control characters within comment text and subsequently e.g. execute arbitrary commands on the user's system by tricking the user into copying and pasting malicious data into a terminal window. The vulnerability is reported in versions prior to 4.0.12, prior to 4.2.8, prior to 4.4.3, and prior to 4.5.3. Solution: Update to version 4.0.12, 4.2.8, 4.4.3, or 4.5.3. Provided and/or discovered by: Manish Goregaokar within a Bugzilla entry. Original Advisory: Bugzilla: http://www.bugzilla.org/security/4.0.11/ Manish Goregaokar: https://bugzilla.mozilla.org/show_bug.cgi?id=968576 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.