Today I took the plunge and updated our OTRS 6.0.30 to 6.3.4. That worked without any problems. Unfortunately, there was a problem updating from version 6.3.4 to 6.4. Running scripts/MigrateToZnuny6_4.pl outputs the following:
Code:
scripts/MigrateToZnuny6_4.pl
Migration started ...
Checking requirements ...
Requirement check for: Check required Perl version ...
Requirement check for: Check required database version ...
Requirement check for: Check database charset ...
Requirement check for: Check required Perl modules ...
Requirement check for: Check if database has been backed up ...
Did you backup the database? [Y]es/[N]o: y
Requirement check for: Upgrade database structure ...
Executing tasks ...
Step 1 of 16: Check required Perl version ...
Step 2 of 16: Check required database version ...
Step 3 of 16: Check database charset ...
Step 4 of 16: Check required Perl modules ...
Step 5 of 16: Check installed CPAN modules for known vulnerabilities ...
Collecting all installed modules. This can take a while...
Archive-Tar (requires 1.92) has 1 advisories
* CPANSA-Archive-Tar-2018-01
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Affected range: <2.28
CVEs: CVE-2018-12015
References:
https://security-tracker.debian.org/tracker/CVE-2018-12015
https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
Archive-Zip (requires 1.30) has 1 advisories
* CPANSA-Archive-Zip-2018-01
perl-archive-zip is vulnerable to a directory traversal in Archive::Zip. It was found that the Archive::Zip module did not properly sanitize paths while extracting zip files. An attacker able to provide a specially crafted archive for processing could use this flaw to write or overwrite arbitrary files in the context of the perl interpreter.
Affected range: <1.61
CVEs: CVE-2018-10860
References:
https://security-tracker.debian.org/tracker/CVE-2018-10860
https://github.com/redhotpenguin/perl-Archive-Zip/pull/33
Compress-Raw-Zlib (requires 2.061) has 1 advisories
* CPANSA-Compress-Raw-Zlib-2017-01
Zlib vulnerabilities.
Affected range: <2.075
Fixed range: >=2.075
CVEs: CVE-2016-9843, CVE-2016-9841, CVE-2016-9840, CVE-2016-9842
References:
https://metacpan.org/changes/distribution/Compress-Raw-Zlib
DBD-mysql (requires 4.023) has 7 advisories
* CPANSA-DBD-mysql-2017-02
The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection to a MySQL server. The use-after-free defect was introduced by relying on incorrect Oracle mysql_stmt_close documentation and code examples.
Affected range: <4.044
Fixed range: >=4.044
CVEs: CVE-2017-10788
References:
https://github.com/perl5-dbi/DBD-mysql/issues/120
* CPANSA-DBD-mysql-2017-01
The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via a cleartext-downgrade attack, a related issue to CVE-2015-3152.
Affected range: <4.044
Fixed range: >=4.044
CVEs: CVE-2017-10789
References:
https://github.com/perl5-dbi/DBD-mysql/pull/114
* CPANSA-DBD-mysql-2016-03
Out-of-bounds read.
Affected range: >=2.9003, <4.039
Fixed range: <2.9003, >=4.039
CVEs: CVE-2016-1249
References:
https://github.com/perl5-dbi/DBD-mysql/commit/793b72b1a0baa5070adacaac0e12fd995a6fbabe
* CPANSA-DBD-mysql-2016-02
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
Affected range: <4.037
Fixed range: >=4.037
CVEs: CVE-2016-1246
References:
https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2
http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html
* CPANSA-DBD-mysql-2016-01
Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.
Affected range: <4.034
Fixed range: >=4.034
CVEs: CVE-2015-8949
References:
https://github.com/perl5-dbi/DBD-mysql/commit/cf0aa7751f6ef8445e9310a64b14dc81460ca156
* CPANSA-DBD-mysql-2015-01
There is a vulnerability of type use-after-free affecting DBD::mysql (aka DBD-mysql or the Database Interface (DBI) MySQL driver for Perl) 3.x and 4.x before 4.041 when used with mysql_server_prepare=1.
Affected range: <4.041
Fixed range: >=4.041
CVEs: CVE-2016-1251
References:
https://github.com/perl5-dbi/DBD-mysql/commit/3619c170461a3107a258d1fd2d00ed4832adb1b1
* CPANSA-DBD-mysql-2014-01
Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.
Affected range: <4.028
Fixed range: >=4.028
CVEs: CVE-2014-9906
References:
https://github.com/perl5-dbi/DBD-mysql/commit/a56ae87a4c1c1fead7d09c3653905841ccccf1cc
https://rt.cpan.org/Public/Bug/Display.html?id=97625
DBI (requires 1.627) has 1 advisories
* CPANSA-DBI-2014-01
DBD::File drivers open files from folders other than specifically passed using the f_dir attribute.
Affected range: <1.632
Fixed range: >=1.632
References:
https://metacpan.org/changes/distribution/DBI
https://rt.cpan.org/Public/Bug/Display.html?id=99508
Data-Dumper (requires 2.145) has 1 advisories
* CPANSA-Data-Dumper-2014-01
Infinite recursion.
Affected range: <2.154
Fixed range: >=2.154
CVEs: CVE-2014-4330
References:
https://metacpan.org/changes/distribution/Data-Dumper
Encode (requires 2.51) has 1 advisories
* CPANSA-Encode-2016-01
Loading optional modules from . (current directory).
Affected range: <2.85
Fixed range: >=2.85
CVEs: CVE-2016-1238
References:
https://metacpan.org/changes/distribution/Encode
https://github.com/dankogai/p5-encode/pull/58/commits/12be15d64ce089154c4367dc1842cd0dc0993ec6
File-Path (requires 2.09) has 1 advisories
* CPANSA-File-Path-2017-01
Race condition in the rmtree and remove_tree functions allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
Affected range: <2.13
Fixed range: >=2.13
CVEs: CVE-2017-6512
References:
https://metacpan.org/changes/distribution/File-Path
https://github.com/jkeenan/File-Path/commit/e5ef95276ee8ad471c66ee574a5d42552b3a6af2
HTTP-Tiny (requires 0.033) has 1 advisories
* CPANSA-HTTP-Tiny-2016-01
Loading modules from . (current directory).
Affected range: <0.059
Fixed range: >=0.059
CVEs: CVE-2016-1238
References:
https://metacpan.org/changes/distribution/HTTP-Tiny
https://github.com/chansen/p5-http-tiny/commit/b239c95ea7a256cfee9b8848f1bd4d1df6e66444
PathTools (requires 3.40) has 2 advisories
* CPANSA-PathTools-2016-02
Does not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
Affected range: <3.65
Fixed range: >=3.65
CVEs: CVE-2016-1238
References:
https://metacpan.org/changes/distribution/PathTools
* CPANSA-PathTools-2016-01
Does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Affected range: <3.62
Fixed range: >=3.62
CVEs: CVE-2015-8607
References:
https://metacpan.org/changes/distribution/PathTools
Storable (requires 2.45) has 1 advisories
* CPANSA-Storable-2017-01
Malcrafted storable files or buffers.
Affected range: <3.05
Fixed range: >=3.05
References:
https://metacpan.org/changes/distribution/Storable
https://cxsecurity.com/issue/WLB-2007120031
XML-LibXML (requires 2.0018) has 1 advisories
* CPANSA-XML-LibXML-2015-01
The _clone function does not properly set the expand_entities option, which allows remote attackers to conduct XML external entity (XXE) attacks via crafted XML data to the (1) new or (2) load_xml function.
Affected range: <2.0120
Fixed range: >=2.0120
CVEs: CVE-2015-3451
References:
https://metacpan.org/changes/distribution/XML-LibXML
Total advisories found: 19
WARNING: CPAN::Audit reported that one or more installed CPAN modules have known vulnerabilities (see above). Please note that there might be false positives for distributions patching Perl modules without changing their version number.
Step 6 of 16: Check if database has been backed up ...
Step 7 of 16: Upgrade database structure ...
[Tue Aug 16 22:25:21 2022] MigrateToZnuny6_4.pl: DBD::mysql::db do failed: Cannot add or update a child row: a foreign key constraint fails (`otrs`.`#sql-7bf_6b`, CONSTRAINT `FK_article_flag_article_id_id` FOREIGN KEY (`article_id`) REFERENCES `article` (`id`)) at /opt/otrs/Kernel/System/DB.pm line 471.
ERROR: OTRS-otrs.Console.pl-Dev::Code::CPANAudit-72 Perl: 5.16.3 OS: linux Time: Tue Aug 16 22:25:21 2022
Message: Cannot add or update a child row: a foreign key constraint fails (`otrs`.`#sql-7bf_6b`, CONSTRAINT `FK_article_flag_article_id_id` FOREIGN KEY (`article_id`) REFERENCES `article` (`id`)), SQL: 'EXECUTE FKStatement'
Traceback (9987):
Module: scripts::Migration::Base::ExecuteXMLDBString Line: 394
Module: scripts::Migration::Base::ExecuteXMLDBArray Line: 342
Module: scripts::Migration::Znuny::UpgradeDatabaseStructure::RecreateForeignKeysToArticleTable::_RecreateForeignKeysPointingToArticleTable Line: 69
Module: scripts::Migration::Znuny::UpgradeDatabaseStructure::RecreateForeignKeysToArticleTable::Run Line: 31
Module: scripts::Migration::Znuny::UpgradeDatabaseStructure::Run Line: 81
Module: scripts::Migration::_ExecuteComponent Line: 155
Module: scripts::Migration::Run Line: 67
Module: scripts/MigrateToZnuny6_4.pl Line: 82
ERROR: OTRS-otrs.Console.pl-Dev::Code::CPANAudit-72 Perl: 5.16.3 OS: linux Time: Tue Aug 16 22:25:21 2022
Message: Error during execution of 'EXECUTE FKStatement'!
Traceback (9987):
Module: scripts::Migration::Base::ExecuteXMLDBString Line: 397
Module: scripts::Migration::Base::ExecuteXMLDBArray Line: 342
Module: scripts::Migration::Znuny::UpgradeDatabaseStructure::RecreateForeignKeysToArticleTable::_RecreateForeignKeysPointingToArticleTable Line: 69
Module: scripts::Migration::Znuny::UpgradeDatabaseStructure::RecreateForeignKeysToArticleTable::Run Line: 31
Module: scripts::Migration::Znuny::UpgradeDatabaseStructure::Run Line: 81
Module: scripts::Migration::_ExecuteComponent Line: 155
Module: scripts::Migration::Run Line: 67
Module: scripts/MigrateToZnuny6_4.pl Line: 82
Not possible to complete migration. Check previous messages for more information.
Thanks in advance!