Gentoo Security Advisory GLSA 201006-19 (bugzilla) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201006-19.

Solution

All Bugzilla users should upgrade to an unaffected version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.2.6' Bugzilla 2.x and 3.0 have reached their end of life. There will be no more security updates. All Bugzilla 2.x and 3.0 users should update to a supported Bugzilla 3.x version. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201006-19 http://bugs.gentoo.org/show_bug.cgi?id=239564 http://bugs.gentoo.org/show_bug.cgi?id=258592 http://bugs.gentoo.org/show_bug.cgi?id=264572 http://bugs.gentoo.org/show_bug.cgi?id=284824 http://bugs.gentoo.org/show_bug.cgi?id=303437 http://bugs.gentoo.org/show_bug.cgi?id=303725

Insight

Bugzilla is prone to multiple medium severity vulnerabilities.

Severity

Classification

CVE	CVE-2008-4437, CVE-2008-6098, CVE-2009-0481, CVE-2009-0482, CVE-2009-0483, CVE-2009-0484, CVE-2009-0485, CVE-2009-0486, CVE-2009-1213, CVE-2009-3125, CVE-2009-3165, CVE-2009-3166, CVE-2009-3387, CVE-2009-3989

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Take action and discover your vulnerabilities