• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Bugzilla Insecure Temporary File Handling Vulnerabilities

Solution:
Conectiva has released an advisory (CLA-2003:653) and fixes to address this issue. See attached advisory for details on obtaining and applying fixes.

The vendor has addressed this issue in Bugzilla 2.16.3 and 2.17.4. Patches may be obtained at the following location:

http://ftp.mozilla.org/pub/webtools/

Full release upgrades and CVS upgrade instructions will be made available here:

http://www.bugzilla.org/download.html


Mozilla Bugzilla 2.16.2

• Conectiva bugzilla-2.16.3-29154U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/bugzilla-2.16.3-29154U90_1c l.i386.rpm


• Conectiva bugzilla-2.16.3-29154U90_1cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/9/SRPMS/bugzilla-2.16.3-29154U90_1 cl.src.rpm


• Conectiva bugzilla-doc-2.16.3-29154U90_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/bugzilla-doc-2.16.3-29154U9 0_1cl.i386.rpm


• Conectiva perl-timedate-1.14-27918U90_3cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/9/RPMS/perl-timedate-1.14-27918U90 _3cl.i386.rpm


• Conectiva perl-timedate-1.14-27918U90_3cl.src.rpm
  ftp://atualizacoes.conectiva.com.br/9/SRPMS/perl-timedate-1.14-27918U9 0_3cl.src.rpm