+++++++++++++++++++++++++ OTRS Security Advisory 2012-03 OTRS 3.1.11 +++++++++++++++++++++++
Release: OTRS Help Desk 3.1.11
Release date: 16-October-2012
Status: Patch Level Release
SECURITY FIXES:
==============
------------------------------------------------------------------
OTRS Security Advisory 2012-03 <security at otrs.org>
------------------------------------------------------------------
ID: OSA-2012-03
Date: 2012-10-16
Title: XSS vulnerability
Severity: Low (Overall CVSS Score: 3.9)
Affected: OTRS Help Desk 2.4.x, OTRS Help Desk 3.0.x, OTRS Help Desk 3.1.x
Fixed in: OTRS 2.4.15, 3.0.17, 3.1.11
URL: http://www.otrs.com/en/open-source/comm ... y-2012-03/
FULL CVSS v2 VECTOR: AV:N/AC:L/AU:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References: CVE-2012-4751, VU#603276
To read the entire Security Advisory please follow this link.
http://www.otrs.com/en/open-source/comm ... y-2012-03/
There will also be Release Notes for the newest versions of OTRS Help Desk, where this vulnerability is fixed and we recommend an update to one of these new versions.
OTRS Security Advisory 2012-03 OTRS 3.1.11
Forum rules
Dont create your support topics here!
Dont create your support topics here!
OTRS Security Advisory 2012-03 OTRS 3.1.11
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: OTRS Security Advisory 2012-03 OTRS 3.1.11
after upgrading from 3.1.10 and ran otrs.RebuildConfig.pl
otrs ask me to reinstall the following itsm modules
ITSMCore
ITSMIncidentProblemManagement
ITSMConfigurationManagement
after reinstall everything seems works right but this wasn't said on upgrade instructions
hoping that everything is running fine now
otrs ask me to reinstall the following itsm modules
ITSMCore
ITSMIncidentProblemManagement
ITSMConfigurationManagement
after reinstall everything seems works right but this wasn't said on upgrade instructions
hoping that everything is running fine now
Re: OTRS Security Advisory 2012-03 OTRS 3.1.11
you should alwys check modules after updates
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
Re: OTRS Security Advisory 2012-03 OTRS 3.1.11
It would be fine to mention that modules have to be checked. It is a little confusing to "solve" issues like this on your own because of the reason you dont know if it is the right solution ^^ But thanks! You did a great job!jojo wrote:+++++++++++++++++++++++++ OTRS Security Advisory 2012-03 OTRS 3.1.11 +++++++++++++++++++++++
Release: OTRS Help Desk 3.1.11
Release date: 16-October-2012
Status: Patch Level Release
SECURITY FIXES:
==============
------------------------------------------------------------------
OTRS Security Advisory 2012-03 <security at otrs.org>
------------------------------------------------------------------
ID: OSA-2012-03
Date: 2012-10-16
Title: XSS vulnerability
Severity: Low (Overall CVSS Score: 3.9)
Affected: OTRS Help Desk 2.4.x, OTRS Help Desk 3.0.x, OTRS Help Desk 3.1.x
Fixed in: OTRS 2.4.15, 3.0.17, 3.1.11
URL: http://www.otrs.com/en/open-source/comm ... y-2012-03/
FULL CVSS v2 VECTOR: AV:N/AC:L/AU:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References: CVE-2012-4751, VU#603276
To read the entire Security Advisory please follow this link.
http://www.otrs.com/en/open-source/comm ... y-2012-03/
There will also be Release Notes for the newest versions of OTRS Help Desk, where this vulnerability is fixed and we recommend an update to one of these new versions.
Re: OTRS Security Advisory 2012-03 OTRS 3.1.11
this is standard work on all OTRS Updates. So why it should be extra mentioned
"Production": OTRS™ 8, OTRS™ 7, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com
"Testing": ((OTRS Community Edition)) and git Master
Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com