Red Hat Bugzilla – Bug 506885
rt3: privilege to edit 'RT at a Glance' unintentionally granted by "ShowConfigTab" right
Last modified: 2009-06-24 15:32:09 EDT
+++ This bug was initially created as a clone of Bug #506236 +++
New RT upstream versions 3.6.8 and 3.8.4 were released, mentioning following security fix:
The most important fix is that RT now requires the SuperUser
right to edit global RT at a Glance. In all previous 3.8
releases, the "ShowConfigTab" right unintentionally enabled this.
If you have not granted this right to any non-administrative user,
then this issue should not affect you.
Upstream announcements contain patches that can be used with older versions instead of moving to new upstream version.
As a "quick fix", I am going to apply the patch from
to the FC10 and FC11 packages (both currently at rt-3.8.2), because the side-effects of upgrading to rt-3.8.4 currently are not sufficently clear to me and appear as to seems too risky (at least for now).
rt3-3.8.2-8.fc11 has been submitted as an update for Fedora 11.
rt3-3.8.2-8.fc10 has been submitted as an update for Fedora 10.
rt3-3.8.2-8.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
rt3-3.8.2-8.fc11 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.