OTRS Security Advisory 2012-03 OTRS 3.1.11

jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master

OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by jojo »

+++++++++++++++++++++++++ OTRS Security Advisory 2012-03 OTRS 3.1.11 +++++++++++++++++++++++

Release: OTRS Help Desk 3.1.11
Release date: 16-October-2012
Status: Patch Level Release


SECURITY FIXES:
==============

------------------------------------------------------------------
OTRS Security Advisory 2012-03 <security at otrs.org>
------------------------------------------------------------------
ID: OSA-2012-03
Date: 2012-10-16
Title: XSS vulnerability
Severity: Low (Overall CVSS Score: 3.9)
Affected: OTRS Help Desk 2.4.x, OTRS Help Desk 3.0.x, OTRS Help Desk 3.1.x
Fixed in: OTRS 2.4.15, 3.0.17, 3.1.11
URL: http://www.otrs.com/en/open-source/comm ... y-2012-03/
FULL CVSS v2 VECTOR: AV:N/AC:L/AU:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References: CVE-2012-4751, VU#603276

To read the entire Security Advisory please follow this link.

http://www.otrs.com/en/open-source/comm ... y-2012-03/

There will also be Release Notes for the newest versions of OTRS Help Desk, where this vulnerability is fixed and we recommend an update to one of these new versions.
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
al1ta
Znuny newbie
Posts: 1
Joined: 18 Oct 2012, 17:01
Znuny Version: 3.1.11

Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by al1ta »

After upgrading from 3.1.10 and running otrs.RebuildConfig.pl,

OTRS asked me to reinstall the following ITSM modules:

ITSMCore
ITSMIncidentProblemManagement
ITSMConfigurationManagement

After the reinstall everything seems to work right, but this wasn't mentioned in the upgrade instructions.

hoping that everything is running fine now :lol:
jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master

Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by jojo »

You should always check modules after updates.
Migento
Znuny newbie
Posts: 1
Joined: 17 Dec 2012, 17:56
Znuny Version: 20000

Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by Migento »

jojo wrote:
+++++++++++++++++++++++++ OTRS Security Advisory 2012-03 OTRS 3.1.11 +++++++++++++++++++++++

Release: OTRS Help Desk 3.1.11
Release date: 16-October-2012
Status: Patch Level Release


SECURITY FIXES:
==============

------------------------------------------------------------------
OTRS Security Advisory 2012-03 <security at otrs.org>
------------------------------------------------------------------
ID: OSA-2012-03
Date: 2012-10-16
Title: XSS vulnerability
Severity: Low (Overall CVSS Score: 3.9)
Affected: OTRS Help Desk 2.4.x, OTRS Help Desk 3.0.x, OTRS Help Desk 3.1.x
Fixed in: OTRS 2.4.15, 3.0.17, 3.1.11
URL: http://www.otrs.com/en/open-source/comm ... y-2012-03/
FULL CVSS v2 VECTOR: AV:N/AC:L/AU:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References: CVE-2012-4751, VU#603276

To read the entire Security Advisory please follow this link.

http://www.otrs.com/en/open-source/comm ... y-2012-03/

There will also be Release Notes for the newest versions of OTRS Help Desk, where this vulnerability is fixed and we recommend an update to one of these new versions.

It would be fine to mention that modules have to be checked. It is a little confusing to "solve" issues like this on your own because you don't know if it is the right solution ^^ But thanks! :) You did a great job!
jojo
Znuny guru
Posts: 15019
Joined: 26 Jan 2007, 14:50
Znuny Version: Git Master

Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by jojo »

This is standard work on all OTRS updates. So why should it be extra mentioned?