Gentoo Security Advisory GLSA 201110-03 (bugzilla) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201110-03.

Solution

All Bugzilla users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/bugzilla-3.6.6' NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2011. It is likely that your system is already no longer affected by this issue. http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201110-03 http://bugs.gentoo.org/show_bug.cgi?id=352781 http://bugs.gentoo.org/show_bug.cgi?id=380255 http://bugs.gentoo.org/show_bug.cgi?id=386203

Insight

Multiple vulnerabilities were found in Bugzilla, the worst of which leading to privilege escalation.

Severity

Classification

Related Vulnerabilities

Gentoo Security Advisory GLSA 200402-06 (Kernel)
Gentoo Security Advisory GLSA 200404-11 (dev-libs/pwlib)
Gentoo Security Advisory GLSA 200404-08 (automake)
Gentoo Security Advisory GLSA 200408-08 (Cfengine)
Gentoo Security Advisory GLSA 200404-12 (scorched3d)

Take action and discover your vulnerabilities