Gentoo Security Advisory GLSA 201211-01 (MantisBT) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 201211-01.

Solution

All MantisBT users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/mantisbt-1.2.11' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201211-01 http://bugs.gentoo.org/show_bug.cgi?id=348761 http://bugs.gentoo.org/show_bug.cgi?id=381417 http://bugs.gentoo.org/show_bug.cgi?id=386153 http://bugs.gentoo.org/show_bug.cgi?id=407121 http://bugs.gentoo.org/show_bug.cgi?id=420375

Insight

Multiple vulnerabilities have been found in MantisBT, the worst of which allowing for local file inclusion.

Severity

Classification

Related Vulnerabilities

Gentoo Security Advisory GLSA 200402-02 (200402-02)
Gentoo Security Advisory GLSA 200404-03 (tcpdump)
Gentoo Security Advisory GLSA 200409-13 (lha)
Gentoo Security Advisory GLSA 200408-21 (cacti)
Gentoo Security Advisory GLSA 200409-15 (Usermin)

Take action and discover your vulnerabilities