Bug 1150091 (CVE-2014-1571, CVE-2014-1572, CVE-2014-1573) - CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release
Summary: CVE-2014-1571 CVE-2014-1572 CVE-2014-1573 bugzilla: security fixes release
Status: CLOSED UPSTREAM
Alias: CVE-2014-1571, CVE-2014-1572, CVE-2014-1573
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard: impact=moderate,public=20141006,repor...
Keywords: Security
Depends On: 1150092 1150096
Blocks:
 
Reported: 2014-10-07 12:19 UTC by Vasyl Kaigorodov
Modified: 2019-06-08 20:12 UTC
Last Closed: 2019-06-08 02:35:10 UTC



Description Vasyl Kaigorodov 2014-10-07 12:19:05 UTC
Upstream has issued an advisory today (October 6):
http://www.bugzilla.org/security/4.0.14/

Class:       Unauthorized Account Creation
Versions:    2.23.3 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In:    4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: An attacker creating a new Bugzilla account can override certain
             parameters when finalizing the account creation that can lead to the
             user being created with a different email address than originally
             requested. The overridden login name could be automatically added
             to groups based on the group's regular expression setting.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1074812
CVE Number:  CVE-2014-1572

Class:       Cross-Site Scripting
Versions:    2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In:    4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: During an audit of the Bugzilla code base, several places
             were found where cross-site scripting exploits could occur which
             could allow an attacker to access sensitive information.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1075578
CVE Number:  CVE-2014-1573

Class:       Information Leak
Versions:    2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In:    4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: If a new comment was marked private to the insider group, and a flag
             was set in the same transaction, the comment would be visible to
             flag recipients even if they were not in the insider group.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1064140
CVE Number:  CVE-2014-1571

Class:       Social Engineering
Versions:    2.17.1 to 4.0.14, 4.1.1 to 4.2.10, 4.3.1 to 4.4.5, 4.5.1 to 4.5.5
Fixed In:    4.0.15, 4.2.11, 4.4.6, 4.5.6
Description: Search results can be exported as a CSV file which can then be
             imported into external spreadsheet programs. Specially formatted
             field values can be interpreted as formulas which can be executed
             and used to attack a user's computer.
References:  https://bugzilla.mozilla.org/show_bug.cgi?id=1054702
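
The "Social Engineering" class above is CSV formula injection: a bug summary beginning with a character such as "=" is evaluated as a formula once the exported buglist is opened in a spreadsheet. The script below is an added example, written for this page and not taken from Bugzilla's own patch; it assumes the commonly cited trigger characters (=, +, -, @) and an apostrophe prefix as the mitigation (a leading tab is the other common choice), and exempts plain numbers so numeric columns are not mangled. The sample rows are constructed.

```perl
#!/usr/bin/perl
# Added example (not Bugzilla's code): neutralise spreadsheet formula
# injection when exporting user-controlled bug fields as CSV.
use strict;
use warnings;

# Formula-looking cell: after optional whitespace it starts with a character
# that Excel or LibreOffice treat as a formula prefix. Plain numbers such as
# "-5" or "+3.25" are exempt so numeric columns are not mangled.
# Assumption: the trigger set (=, +, -, @) is the commonly cited one; it is
# not taken from Bugzilla's own patch.
sub is_formula_cell {
    my ($value) = @_;
    return 0 if $value =~ /^\s*[+-]?\d+(?:\.\d+)?\s*$/;   # ordinary number
    return $value =~ /^\s*[=+\-\@]/ ? 1 : 0;
}

# Quote one field per RFC 4180 and prefix formula-looking values with a
# single quote so a spreadsheet imports them as text (assumed mitigation;
# a leading tab is another common choice).
sub csv_field {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value = "'$value" if is_formula_cell($value);
    $value =~ s/"/""/g;              # double embedded quotes
    return qq("$value");
}

sub csv_row {
    my (@fields) = @_;
    return join( ',', map { csv_field($_) } @fields ) . "\r\n";
}

# Constructed search result: the summary column is attacker-controlled.
my @rows = (
    [ 'bug_id', 'summary',                                   'reporter'         ],
    [ 1234,     'Crash when saving, see "notes"',            'user@example.com' ],
    [ 1235,     '=HYPERLINK("http://attacker.example/",A1)', 'evil@example.com' ],
    [ 1236,     '-5',                                        'user@example.com' ],
    [ 1237,     ' @SUM(1+1)*cmd|\' /C calc\'!A0',            'evil@example.com' ],
);

print csv_row(@$_) for @rows;
```

Rows 1235 and 1237 come out prefixed and quoted; row 1236 stays a plain "-5" because the numeric exemption applies before the prefix check. Whatever prefix is chosen, the check belongs at the export boundary, since the stored summary itself is harmless text until a spreadsheet evaluates it.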

Comment 1 Vasyl Kaigorodov 2014-10-07 12:19:21 UTC
Created bugzilla tracking bugs for this issue:

Affects: fedora-all [bug 1150092]

Comment 2 Vasyl Kaigorodov 2014-10-07 12:28:44 UTC
Created bugzilla tracking bugs for this issue:

Affects: epel-all [bug 1150096]

Comment 3 Tomas Hoger 2014-10-07 12:46:49 UTC
Further details of the CVE-2014-1572 issue:

http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
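
The vulnerability class in the linked post is a Perl-specific one: CGI.pm's param() returns every value of a repeated parameter when called in list context, and a hash constructor is list context, so an attacker who repeats a parameter can smuggle in extra key/value pairs that override keys the application set itself. That is how the CVE-2014-1572 account could end up with a login name other than the one requested. The script below is an added illustration, not Bugzilla's code; it replaces CGI.pm with a small param() stand-in that models the same context-sensitive behaviour so it runs without that module, and the request values are constructed.

```perl
#!/usr/bin/perl
# Added example (not Bugzilla's code): a CGI parameter read in list context
# inside a hash constructor lets an attacker inject extra key/value pairs.
use strict;
use warnings;

# Stand-in for CGI.pm's param(): all values in list context, the first value
# in scalar context. Assumption: this models CGI.pm's documented behaviour so
# the script runs without the CGI module.
my %query;    # parameter name => [ values ]

sub param {
    my ($name) = @_;
    my @values = @{ $query{$name} || [] };
    return wantarray ? @values : $values[0];
}

# Constructed request: "realname" is sent three times. In list context the
# second and third values land in the hash as a new login_name => ... pair,
# and the later key overrides the one the application intended.
%query = (
    login    => ['attacker@example.com'],
    realname => [ 'Jane Doe', 'login_name', 'anyone@example.org' ],
);

# Vulnerable pattern: bare param() calls in a hash constructor (list context).
sub build_user_vulnerable {
    return {
        login_name => param('login'),
        realname   => param('realname'),
    };
}

# Fixed pattern: force scalar context so each key receives exactly one value.
sub build_user_fixed {
    return {
        login_name => scalar param('login'),
        realname   => scalar param('realname'),
    };
}

for my $case ( [ vulnerable => build_user_vulnerable() ],
               [ fixed      => build_user_fixed() ] ) {
    my ( $label, $user ) = @$case;
    printf "%-10s login_name=%s realname=%s\n",
        $label, $user->{login_name}, $user->{realname};
}
```

The vulnerable variant reports login_name=anyone@example.org, the fixed one login_name=attacker@example.com. Wrapping the call in scalar is the minimal fix; a more robust pattern is to read each parameter into its own scalar first and build the hash from those, which also makes the intended keys visible at a glance during review. Per the advisory, the override mattered because the injected login could match a group's regular expression and gain that group's privileges automatically.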

Comment 4 Fedora Update System 2014-10-22 08:50:42 UTC
bugzilla-4.2.11-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Fedora Update System 2014-10-22 08:51:54 UTC
bugzilla-4.2.11-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 6 Fedora Update System 2014-11-01 17:09:57 UTC
bugzilla-4.4.6-1.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 7 Product Security DevOps Team 2019-06-08 02:35:10 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.

