OTRS Security Advisory 2012-03 OTRS 3.1.11


Postby jojo » 16 Oct 2012, 10:32

+++++++++++++++++++++++++ OTRS Security Advisory 2012-03 OTRS 3.1.11 +++++++++++++++++++++++

Release: OTRS Help Desk 3.1.11
Release date: 16-October-2012
Status: Patch Level Release


SECURITY FIXES:
==============

------------------------------------------------------------------
OTRS Security Advisory 2012-03 <security at otrs.org>
------------------------------------------------------------------
ID: OSA-2012-03
Date: 2012-10-16
Title: XSS vulnerability
Severity: Low (Overall CVSS Score: 3.9)
Affected: OTRS Help Desk 2.4.x, OTRS Help Desk 3.0.x, OTRS Help Desk 3.1.x
Fixed in: OTRS 2.4.15, 3.0.17, 3.1.11
URL: http://www.otrs.com/en/open-source/comm ... y-2012-03/
FULL CVSS v2 VECTOR: AV:N/AC:L/AU:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References: CVE-2012-4751, VU#603276

To read the entire Security Advisory please follow this link.

http://www.otrs.com/en/open-source/comm ... y-2012-03/

There will also be Release Notes for the newest versions of OTRS Help Desk, where this vulnerability is fixed and we recommend an update to one of these new versions.
"Production": OTRS5, OTRS::ITSM5, SIRIOS 2.3
"Testing": OTRS git Master
OS: Ubuntu / Apache2/MySQL 5+

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com


Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Postby al1ta » 18 Oct 2012, 18:36

After upgrading from 3.1.10 and running otrs.RebuildConfig.pl, OTRS asked me to reinstall the following ITSM modules:

ITSMCore
ITSMIncidentProblemManagement
ITSMConfigurationManagement

After the reinstall everything seems to work right, but this wasn't mentioned in the upgrade instructions.

Hoping that everything is running fine now :lol:


Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Postby jojo » 18 Oct 2012, 22:41

You should always check modules after updates.


Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Postby Migento » 17 Dec 2012, 17:59

jojo wrote:
+++++++++++++++++++++++++ OTRS Security Advisory 2012-03 OTRS 3.1.11 +++++++++++++++++++++++

Release: OTRS Help Desk 3.1.11
Release date: 16-October-2012
Status: Patch Level Release


SECURITY FIXES:
==============

------------------------------------------------------------------
OTRS Security Advisory 2012-03 <security at otrs.org>
------------------------------------------------------------------
ID: OSA-2012-03
Date: 2012-10-16
Title: XSS vulnerability
Severity: Low (Overall CVSS Score: 3.9)
Affected: OTRS Help Desk 2.4.x, OTRS Help Desk 3.0.x, OTRS Help Desk 3.1.x
Fixed in: OTRS 2.4.15, 3.0.17, 3.1.11
URL: http://www.otrs.com/en/open-source/comm ... y-2012-03/
FULL CVSS v2 VECTOR: AV:N/AC:L/AU:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References: CVE-2012-4751, VU#603276

To read the entire Security Advisory please follow this link.

http://www.otrs.com/en/open-source/comm ... y-2012-03/

There will also be Release Notes for the newest versions of OTRS Help Desk, where this vulnerability is fixed and we recommend an update to one of these new versions.


It would be fine to mention that modules have to be checked. It is a little confusing to "solve" issues like this on your own because you don't know if it is the right solution ^^ But thanks! :) You did a great job!


Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Postby jojo » 17 Dec 2012, 18:01

This is standard work on all OTRS updates. So why should it be extra mentioned?