drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in Mantis
Name: |
Mehrere Probleme in Mantis |
|
ID: |
201211-01 |
|
Distribution: |
Gentoo |
|
Plattformen: |
Keine Angabe |
|
Datum: |
Fr, 9. November 2012, 07:07 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3357 |
|
Applikationen: |
Mantis Bug Tracker |
|
Originalnachricht |
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig00E7A54285470FF424EE00D3 Content-Type: text/plain; charset=UTF- Content-Transfer-Encoding: quoted-printable
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201211-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: Normal Title: MantisBT: Multiple vulnerabilities Date: November 08, 2012 Bugs: #348761, #381417, #386153, #407121, #420375 ID: 201211-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis ========
Multiple vulnerabilities have been found in MantisBT, the worst of which allowing for local file inclusion.
Background ==========
MantisBT is a PHP/MySQL/Web based bugtracking system.
Affected packages =================
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mantisbt < 1.2.11 >= 1.2.11 Description ===========
Multiple vulnerabilities have been discovered in MantisBT. Please review the CVE identifiers referenced below for details.
Impact ======
A remote attacker could exploit these vulnerabilities to conduct directory traversal attacks, disclose the contents of local files, inject arbitrary web scripts, obtain sensitive information, bypass authentication and intended access restrictions, or manipulate bugs and attachments.
Workaround ==========
There is no known workaround at this time.
Resolution ==========
All MantisBT users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.2.11"
References ==========
[ 1 ] CVE-2010-3303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303 [ 2 ] CVE-2010-3763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763 [ 3 ] CVE-2010-4348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348 [ 4 ] CVE-2010-4349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349 [ 5 ] CVE-2010-4350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350 [ 6 ] CVE-2011-2938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2938 [ 7 ] CVE-2011-3356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3356 [ 8 ] CVE-2011-3357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3357 [ 9 ] CVE-2011-3358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3358 [ 10 ] CVE-2011-3578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3578 [ 11 ] CVE-2011-3755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3755 [ 12 ] CVE-2012-1118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1118 [ 13 ] CVE-2012-1119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1119 [ 14 ] CVE-2012-1120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1120 [ 15 ] CVE-2012-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1121 [ 16 ] CVE-2012-1122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1122 [ 17 ] CVE-2012-1123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1123 [ 18 ] CVE-2012-2691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2691 [ 19 ] CVE-2012-2692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2692
Availability ============
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201211-01.xml
Concerns? =========
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License =======
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
--------------enig00E7A54285470FF424EE00D3 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iQIcBAEBCAAGBQJQm4wcAAoJEByNLmvcM7Du2CIQAIHysQNuusaDf8aCqYba25lI nLQs+TNPaHTmRwgJl7zh9it4XMVk0BiDIZ3Ig1P67scpoJt8QZab51ZkOl0zQ6lV DvWMFlIVfWZc0D566dWZYIrGGdY/ZksseuJD2oHVmUW2oY63NCrfklca39vG9EPs OyCW/vEs6ZrI3C2UmYJJdAbMfMju1MiizLALOuknBH0pbzbpJdWrYdXH/FjV/ybr SmEL7rJAyuobD+i5Qz8EWirq5q7iNplvxYzQwLUDoV1pXYuy5AmssxpwmXI5fV+E /tY7VSmhCWtUoDT7bb0KgEuPOEh2J35EumEaPlFvCq7NSSE3xrZgBMSUCRyPIEPK kiIEcPGbXVVoHEPNevX889z+9hLiLaOmbdQED76UhI16x3SDe+xltBMqK9YSrYOD aN52/1cvyIdjGTqcV3oIwPMcUe18o1ij3lNDOF4Ck6cz+FRBHlG7BIcSgiP/Ixi2 HIwdJtKfPziU1DF3fUDGf7ciFmY5g68CtV3qzh0PJoAJ8smcARMMCAy2pDecpMzA hYXwnyGDPX7FIoA0Pi92spjStuBZwj9XS6YuzE5W0hTsZeHpRS7b9+QRlO2B7G5O LMgCpVGWRL6v4LQ+FS0+EP9NuUqmQa6Tb74LhazBGWN9UD2o9EXUfO/1BaOCg3si GxySkaeQsu6DQvelfLj4 =gQ7z -----END PGP SIGNATURE-----
--------------enig00E7A54285470FF424EE00D3--
|
|
|
|