Mandriva Linux Security Advisory : bugzilla (MDVSA-2015:030)
Medium Nessus Plugin ID 81196
SynopsisThe remote Mandriva Linux host is missing one or more security updates.
DescriptionUpdated bugzilla packages fix security vulnerability :
Some code in Bugzilla does not properly utilize 3 arguments form for open() and it is possible for an account with editcomponents permissions to inject commands into product names and other attributes (CVE-2014-8630).
SolutionUpdate the affected bugzilla and / or bugzilla-contrib packages.