Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in Mantis
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in Mantis
ID: 201211-01
Distribution: Gentoo
Plattformen: Keine Angabe
Datum: Fr, 9. November 2012, 07:07
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1119
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2692
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1122
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3578
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2691
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2938
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1118
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3763
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3755
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1123
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3357
Applikationen: Mantis Bug Tracker

Originalnachricht

 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig00E7A54285470FF424EE00D3
Content-Type: text/plain; charset=UTF-
Content-Transfer-Encoding: quoted-printable

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                           GLSA 201211-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                            http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: MantisBT: Multiple vulnerabilities
     Date: November 08, 2012
     Bugs: #348761, #381417, #386153, #407121, #420375
       ID: 201211-01

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been found in MantisBT, the worst of
which allowing for local file inclusion.

Background
==========

MantisBT is a PHP/MySQL/Web based bugtracking system.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  www-apps/mantisbt            < 1.2.11                  >= 1.2.11
Description
===========

Multiple vulnerabilities have been discovered in MantisBT. Please
review the CVE identifiers referenced below for details.

Impact
======

A remote attacker could exploit these vulnerabilities to conduct
directory traversal attacks, disclose the contents of local files,
inject arbitrary web scripts, obtain sensitive information, bypass
authentication and intended access restrictions, or manipulate bugs and
attachments.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All MantisBT users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.2.11"

References
==========

[  1 ] CVE-2010-3303
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303
[  2 ] CVE-2010-3763
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763
[  3 ] CVE-2010-4348
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348
[  4 ] CVE-2010-4349
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349
[  5 ] CVE-2010-4350
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350
[  6 ] CVE-2011-2938
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2938
[  7 ] CVE-2011-3356
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3356
[  8 ] CVE-2011-3357
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3357
[  9 ] CVE-2011-3358
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3358
[ 10 ] CVE-2011-3578
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3578
[ 11 ] CVE-2011-3755
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3755
[ 12 ] CVE-2012-1118
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1118
[ 13 ] CVE-2012-1119
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1119
[ 14 ] CVE-2012-1120
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1120
[ 15 ] CVE-2012-1121
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1121
[ 16 ] CVE-2012-1122
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1122
[ 17 ] CVE-2012-1123
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1123
[ 18 ] CVE-2012-2691
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2691
[ 19 ] CVE-2012-2692
       http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2692

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201211-01.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.

License
=======

Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5



--------------enig00E7A54285470FF424EE00D3
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBCAAGBQJQm4wcAAoJEByNLmvcM7Du2CIQAIHysQNuusaDf8aCqYba25lI
nLQs+TNPaHTmRwgJl7zh9it4XMVk0BiDIZ3Ig1P67scpoJt8QZab51ZkOl0zQ6lV
DvWMFlIVfWZc0D566dWZYIrGGdY/ZksseuJD2oHVmUW2oY63NCrfklca39vG9EPs
OyCW/vEs6ZrI3C2UmYJJdAbMfMju1MiizLALOuknBH0pbzbpJdWrYdXH/FjV/ybr
SmEL7rJAyuobD+i5Qz8EWirq5q7iNplvxYzQwLUDoV1pXYuy5AmssxpwmXI5fV+E
/tY7VSmhCWtUoDT7bb0KgEuPOEh2J35EumEaPlFvCq7NSSE3xrZgBMSUCRyPIEPK
kiIEcPGbXVVoHEPNevX889z+9hLiLaOmbdQED76UhI16x3SDe+xltBMqK9YSrYOD
aN52/1cvyIdjGTqcV3oIwPMcUe18o1ij3lNDOF4Ck6cz+FRBHlG7BIcSgiP/Ixi2
HIwdJtKfPziU1DF3fUDGf7ciFmY5g68CtV3qzh0PJoAJ8smcARMMCAy2pDecpMzA
hYXwnyGDPX7FIoA0Pi92spjStuBZwj9XS6YuzE5W0hTsZeHpRS7b9+QRlO2B7G5O
LMgCpVGWRL6v4LQ+FS0+EP9NuUqmQa6Tb74LhazBGWN9UD2o9EXUfO/1BaOCg3si
GxySkaeQsu6DQvelfLj4
=gQ7z
-----END PGP SIGNATURE-----

--------------enig00E7A54285470FF424EE00D3--
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung