Mandriva Linux Security Advisory : bugzilla (MDVSA-2014:169)
Medium Nessus Plugin ID 77648
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated bugzilla packages fix security vulnerabilities :
Adobe does not properly restrict the SWF file format, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks against Bugzilla's JSONP endpoint, possibly obtaining sensitive bug information, via a crafted OBJECT element with SWF content satisfying the character-set requirements of a callback API (CVE-2014-1546).
SolutionUpdate the affected bugzilla and / or bugzilla-contrib packages.