Dear Community Members,
++++++++++ OTRS Security Advisory 2010-01 OTRS 2.4.8 ++++++++++
Release: OTRS 2.4.8
Status: stable
Code Name: Aitutaki Beach
SECURITY FIXES:
===============
---------------------------------------------------------------
OTRS Security Advisory 2010-02 <security@otrs.org>
---------------------------------------------------------------
ID: OSA-2010-02
Date: 2010-09-15
Title: Multiple XSS and denial of service vulnerabilities
Severity: Less critical
Product: OTRS 2.4.x, OTRS 2.3.x
Fixed in: OTRS 2.4.8, OTRS 2.3.6
URL: http://otrs.org/advisory/OSA-2010-02-en/
CVE: CVE-2010-2080
---------------------------------------------------------------
To read the entire Security Advisory please follow this link:
ENGLISH VERSION:
http://otrs.org/advisory/OSA-2010-02-en/
GERMAN VERSION:
http://otrs.org/advisory/OSA-2010-02-de/
ENHANCEMENTS:
============
* Updated Czech translation, thanks to O2BS.com, s r.o.
  Jakub Hanus!
* Updated Portuguese Brazilian translation file, thanks to
  Fabricio Luiz Machado!
* Updated Ukrainian language translation, thanks to
  Belskii Artem!
* Updated Danish translation, thanks to Jesper Rønnov,
  Faaborg-Midtfyn Kommune!
BUG FIXES:
==========
* Bug# 4658 - Can't delete attachment from AdminAttachment
  interface.
  [ http://bugs.otrs.org/show_bug.cgi?id=4658 ]
* Bug# 4889 - Inline images from Lotus Notes were not displayed
  in the ticket zoom.
  [ http://bugs.otrs.org/show_bug.cgi?id=4889 ]
* Bug# 4977 - mod_perl was not used on Fedora when using RPM.
  [ http://bugs.otrs.org/show_bug.cgi?id=4977 ]
* Bug# 4967 - Object method "new" could not be located by package
  error when using Perl 5.10.1.
  [ http://bugs.otrs.org/show_bug.cgi?id=4967 ]
* Bug# 5094 - Bulk pending date/time was not applied to tickets.
  [ http://bugs.otrs.org/show_bug.cgi?id=5094 ]
* Bug# 5164 - Pending time was not working if agent was located
  in a different timezone.
  [ http://bugs.otrs.org/show_bug.cgi?id=5164 ]
* Bug# 4786 - AgentTicketCompose ONLY: when assigning a next
  state and adding an attachment, the next state was
  reset until the next screen refresh.
  [ http://bugs.otrs.org/show_bug.cgi?id=4786 ]
* Bug# 4999 - Cache for customer user was not refreshed when a
  preference was updated.
  [ http://bugs.otrs.org/show_bug.cgi?id=4999 ]
* Bug# 5242 - New lines were not displayed in HTML notification
  mails on Lotus Notes.
  [ http://bugs.otrs.org/show_bug.cgi?id=5242 ]
* Bug# 5210 - LinkQuote generated high CPU load when processing
  a large volume of data.
  [ http://bugs.otrs.org/show_bug.cgi?id=5210 ]
* Bug# 5742 - Outgoing email link detection was not working
  properly.
  [ http://bugs.otrs.org/show_bug.cgi?id=5742 ]
* Bug# 5132 - New owner validation always asked to set an owner.
  [ http://bugs.otrs.org/show_bug.cgi?id=5132 ]
SOFTWARE DOWNLOAD:
===================
Please note that we have relaunched our website http://www.otrs.com.
The software can now be downloaded exclusively from:
* http://otrs.org/download/
* http://otrs.org/download/#otrs3
* ftp://ftp.otrs.org/pub/otrs/ (Germany/Hamburg)
A complete list of all download mirrors (ftp/http/rsync) is
available at http://otrs.org/download/
YOUR CONTRIBUTION:
===================
* Please send information regarding vulnerabilities in OTRS to
security@otrs.org.
* We kindly ask for your assistance to update the translation
files! The current status can be found here:
http://users.otrs.com/~me/i18n/
FEEDBACK & BUG REPORTING:
=========================
Although OTRS 2.4.8 has been tested before, we appreciate
your contributions. As always, you’re encouraged to tell
us what you think, using this feedback e-Mail: [enjoy at otrs.com]
or by filing a bug in Bugzilla [http://bugs.otrs.org].
--
Hauke Jan Böttcher
Director Marketing
xxx
Norsk-Data-Straße 1
61352 Bad Homburg
Germany
T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/
Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: André Mindermann (CEO)
---------------------------------------------------------------------
OTRS mailing list: announce - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/announce
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/announce
OTRS Security Advisory 2010-02: OTRS 2.4.8 (Aitutaki Beach)