Name: CVE-2009-0486
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0486
Assigned: 20090209
Reference: CONFIRM: http://www.bugzilla.org/security/3.0.7/

Bugzilla 3.2.1, 3.0.7, and 3.3.2, when running under mod_perl, calls the srand function at startup time, which causes Apache children to have the same seed and produce insufficiently random numbers for random tokens, which allows remote attackers to bypass cross-site request forgery (CSRF) protection mechanisms and conduct unauthorized activities as other users.
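
The shared-seed condition in the CVE text above, as an added example (not part of the original report and not Bugzilla's code): a parent process seeds Perl's PRNG once and then forks workers, as a pre-forking server does. The names make_token and tokens_from_children are hypothetical, and the token format is constructed for the demonstration.

```perl
#!/usr/bin/perl
# Added illustration: a parent seeds the PRNG at startup, then forks workers.
use strict;
use warnings;

# Hypothetical token routine: a stand-in for any rand()-based token generator.
sub make_token {
    my @chars = ('a' .. 'z', 'A' .. 'Z', '0' .. '9');
    return join '', map { $chars[ int rand @chars ] } 1 .. 10;
}

# Fork $count children and collect the first token each one generates.
# When $reseed is true, the child calls srand() itself before generating.
sub tokens_from_children {
    my ($count, $reseed) = @_;
    my @tokens;
    for (1 .. $count) {
        pipe(my $rd, my $wr) or die "pipe: $!";
        my $pid = fork();
        die "fork: $!" unless defined $pid;
        if ($pid == 0) {                # child process
            close $rd;
            srand() if $reseed;         # fresh seed chosen inside this child
            print {$wr} make_token(), "\n";
            close $wr;
            exit 0;
        }
        close $wr;                      # parent keeps only the read end
        chomp(my $tok = <$rd>);
        close $rd;
        waitpid($pid, 0);
        push @tokens, $tok;
    }
    return @tokens;
}

# The startup-time call: every child forked after this inherits the same state.
srand();

my @shared   = tokens_from_children(4, 0);
my @reseeded = tokens_from_children(4, 1);

my %seen_shared   = map { $_ => 1 } @shared;
my %seen_reseeded = map { $_ => 1 } @reseeded;

printf "seeded once in parent : %d distinct of %d (%s)\n",
    scalar(keys %seen_shared), scalar(@shared), join(' ', @shared);
printf "reseeded in each child: %d distinct of %d (%s)\n",
    scalar(keys %seen_reseeded), scalar(@reseeded), join(' ', @reseeded);
```

Reseeding per child only removes the shared state; Perl's rand is not a cryptographic generator in either case.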
bugzilla-3.2.2-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/bugzilla-3.2.2-2.fc9
bugzilla-3.2.2-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/bugzilla-3.2.2-2.fc10
Fixed via: https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2417 https://admin.fedoraproject.org/updates/F10/FEDORA-2009-2418
bugzilla-3.2.2-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
bugzilla-3.2.2-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.