Gentoo: GLSA-201211-01: MantisBT: Multiple vulnerabilities
Summary
Multiple vulnerabilities have been discovered in MantisBT. Please review the CVE identifiers referenced below for details.
Resolution
All MantisBT users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.2.11"
References
[ 1 ] CVE-2010-3303 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3303 [ 2 ] CVE-2010-3763 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3763 [ 3 ] CVE-2010-4348 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4348 [ 4 ] CVE-2010-4349 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4349 [ 5 ] CVE-2010-4350 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4350 [ 6 ] CVE-2011-2938 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2938 [ 7 ] CVE-2011-3356 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3356 [ 8 ] CVE-2011-3357 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3357 [ 9 ] CVE-2011-3358 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3358 [ 10 ] CVE-2011-3578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3578 [ 11 ] CVE-2011-3755 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3755 [ 12 ] CVE-2012-1118 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1118 [ 13 ] CVE-2012-1119 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1119 [ 14 ] CVE-2012-1120 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1120 [ 15 ] CVE-2012-1121 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1121 [ 16 ] CVE-2012-1122 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1122 [ 17 ] CVE-2012-1123 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1123 [ 18 ] CVE-2012-2691 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2691 [ 19 ] CVE-2012-2692 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2692
Availability
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/201211-01
Concerns
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
![Dist Gentoo](/images/distros/dist-gentoo.png)
Synopsis
Multiple vulnerabilities have been found in MantisBT, the worst of which allowing for local file inclusion.
Background
MantisBT is a PHP/MySQL/Web based bugtracking system.
Affected Packages
------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/mantisbt < 1.2.11 >= 1.2.11
Impact
===== A remote attacker could exploit these vulnerabilities to conduct directory traversal attacks, disclose the contents of local files, inject arbitrary web scripts, obtain sensitive information, bypass authentication and intended access restrictions, or manipulate bugs and attachments.
Workaround
There is no known workaround at this time.