[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200812-07.xml - gentoo-commits

From:	"Robert Buchholz (rbu)" <rbu@g.o>
To:	gentoo-commits@l.g.o
Subject:	[gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200812-07.xml
Date:	Tue, 02 Dec 2008 17:54:18
Message-Id:	`E1L7ZRv-0005lr-SH@stork.gentoo.org`

1

rbu         08/12/02 17:54:15

2

3

  Added:                glsa-200812-07.xml

4

  Log:

5

  GLSA 200812-07

6

7

Revision  Changes    Path

8

1.1                  xml/htdocs/security/en/glsa/glsa-200812-07.xml

9

10

file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200812-07.xml?rev=1.1&view=markup

11

plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200812-07.xml?rev=1.1&content-type=text/plain

12

13

Index: glsa-200812-07.xml

14

===================================================================

15

<?xml version="1.0" encoding="utf-8"?>

16

<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>

17

<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

18

<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">

19

20

<glsa id="200812-07">

21

  <title>Mantis: Multiple vulnerabilities</title>

22

  <synopsis>

23

    Multiple vulnerabilities have been discovered in Mantis, the most severe of

24

    which leading to the remote execution of arbitrary code.

25

  </synopsis>

26

  <product type="ebuild">mantisbt</product>

27

  <announced>December 02, 2008</announced>

28

  <revised>December 02, 2008: 01</revised>

29

  <bug>238570</bug>

30

  <bug>241940</bug>

31

  <bug>242722</bug>

32

  <access>remote</access>

33

  <affected>

34

    <package name="www-apps/mantisbt" auto="yes" arch="*">

35

      <unaffected range="ge">1.1.4-r1</unaffected>

36

      <vulnerable range="lt">1.1.4-r1</vulnerable>

37

    </package>

38

  </affected>

39

  <background>

40

<p>

41

    Mantis is a PHP/MySQL/Web based bugtracking system.

42

    </p>

43

  </background>

44

  <description>

45

<p>

46

    Multiple issues have been reported in Mantis:

47

    </p>

48

    <ul>

49

    <li>

50

    EgiX reported that manage_proj_page.php does not correctly sanitize the

51

    sort parameter before passing it to create_function() in

52

    core/utility_api.php (CVE-2008-4687).

53

    </li>

54

    <li>

55

    Privileges of viewers are not sufficiently checked before composing a

56

    link with issue data in the source anchor (CVE-2008-4688).

57

    </li>

58

    <li>

59

    Mantis does not unset the session cookie during logout (CVE-2008-4689).

60

    </li>

61

    <li>

62

    Mantis does not set the secure flag for the session cookie in an HTTPS

63

    session (CVE-2008-3102).

64

    </li>

65

    </ul>

66

  </description>

67

  <impact type="high">

68

<p>

69

    Remote unauthenticated attackers could exploit these vulnerabilities to

70

    execute arbitrary PHP commands, disclose sensitive issue data, or

71

    hijack a user's sessions.

72

    </p>

73

  </impact>

74

  <workaround>

75

<p>

76

    There is no known workaround at this time.

77

    </p>

78

  </workaround>

79

  <resolution>

80

<p>

81

    All Mantis users should upgrade to the latest version:

82

    </p>

83

    <code>

84

    # emerge --sync

85

    # emerge --ask --oneshot --verbose &quot;&gt;=www-apps/mantisbt-1.1.4-r1&quot;</code>

86

  </resolution>

87

  <references>

88

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3102">CVE-2008-3102</uri>

89

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687">CVE-2008-4687</uri>

90

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688">CVE-2008-4688</uri>

91

    <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689">CVE-2008-4689</uri>

92

  </references>

93

  <metadata tag="requester" timestamp="Fri, 31 Oct 2008 21:35:00 +0000">

94

    keytoaster

95

  </metadata>

96

  <metadata tag="submitter" timestamp="Wed, 26 Nov 2008 19:39:16 +0000">

97

rbu

98

  </metadata>

99

  <metadata tag="bugReady" timestamp="Wed, 26 Nov 2008 19:39:31 +0000">

100

rbu

101

  </metadata>

102

</glsa>

1	rbu 08/12/02 17:54:15
2
3	Added: glsa-200812-07.xml
4	Log:
5	GLSA 200812-07
6
7	Revision Changes Path
8	1.1 xml/htdocs/security/en/glsa/glsa-200812-07.xml
9
10	file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200812-07.xml?rev=1.1&view=markup
11	plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200812-07.xml?rev=1.1&content-type=text/plain
12
13	Index: glsa-200812-07.xml
14	===================================================================
15	<?xml version="1.0" encoding="utf-8"?>
16	<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17	<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18	<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20	<glsa id="200812-07">
21	<title>Mantis: Multiple vulnerabilities</title>
22	<synopsis>
23	Multiple vulnerabilities have been discovered in Mantis, the most severe of
24	which leading to the remote execution of arbitrary code.
25	</synopsis>
26	<product type="ebuild">mantisbt</product>
27	<announced>December 02, 2008</announced>
28	<revised>December 02, 2008: 01</revised>
29	<bug>238570</bug>
30	<bug>241940</bug>
31	<bug>242722</bug>
32	<access>remote</access>
33	<affected>
34	<package name="www-apps/mantisbt" auto="yes" arch="*">
35	<unaffected range="ge">1.1.4-r1</unaffected>
36	<vulnerable range="lt">1.1.4-r1</vulnerable>
37	</package>
38	</affected>
39	<background>
40	<p>
41	Mantis is a PHP/MySQL/Web based bugtracking system.
42	</p>
43	</background>
44	<description>
45	<p>
46	Multiple issues have been reported in Mantis:
47	</p>
48	<ul>
49	<li>
50	EgiX reported that manage_proj_page.php does not correctly sanitize the
51	sort parameter before passing it to create_function() in
52	core/utility_api.php (CVE-2008-4687).
53	</li>
54	<li>
55	Privileges of viewers are not sufficiently checked before composing a
56	link with issue data in the source anchor (CVE-2008-4688).
57	</li>
58	<li>
59	Mantis does not unset the session cookie during logout (CVE-2008-4689).
60	</li>
61	<li>
62	Mantis does not set the secure flag for the session cookie in an HTTPS
63	session (CVE-2008-3102).
64	</li>
65	</ul>
66	</description>
67	<impact type="high">
68	<p>
69	Remote unauthenticated attackers could exploit these vulnerabilities to
70	execute arbitrary PHP commands, disclose sensitive issue data, or
71	hijack a user's sessions.
72	</p>
73	</impact>
74	<workaround>
75	<p>
76	There is no known workaround at this time.
77	</p>
78	</workaround>
79	<resolution>
80	<p>
81	All Mantis users should upgrade to the latest version:
82	</p>
83	<code>
84	# emerge --sync
85	# emerge --ask --oneshot --verbose ">=www-apps/mantisbt-1.1.4-r1"</code>
86	</resolution>
87	<references>
88	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3102">CVE-2008-3102</uri>
89	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4687">CVE-2008-4687</uri>
90	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4688">CVE-2008-4688</uri>
91	<uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4689">CVE-2008-4689</uri>
92	</references>
93	<metadata tag="requester" timestamp="Fri, 31 Oct 2008 21:35:00 +0000">
94	keytoaster
95	</metadata>
96	<metadata tag="submitter" timestamp="Wed, 26 Nov 2008 19:39:16 +0000">
97	rbu
98	</metadata>
99	<metadata tag="bugReady" timestamp="Wed, 26 Nov 2008 19:39:31 +0000">
100	rbu
101	</metadata>
102	</glsa>

Gentoo Archives: gentoo-commits