OTRS Security Advisory 2010-02: OTRS 2.4.8 (Aitutaki Beach)

Post by Andre Bauer »

Dear Community Members,

++++++++++ OTRS Security Advisory 2010-01 OTRS 2.4.8 ++++++++++


Release: OTRS 2.4.8
Status: stable
Code Name: Aitutaki Beach


SECURITY FIXES:
===============

---------------------------------------------------------------
OTRS Security Advisory 2010-02 <security@otrs.org>
---------------------------------------------------------------
ID: OSA-2010-02
Date: 2010-09-15
Title: Multiple XSS and denial of service vulnerabilities
Severity: Less critical
Product: OTRS 2.4.x, OTRS 2.3.x
Fixed in: OTRS 2.4.8, OTRS 2.3.6
URL: http://otrs.org/advisory/OSA-2010-02-en/
CVE: CVE-2010-2080
---------------------------------------------------------------

To read the entire Security Advisory please follow this link:

ENGLISH VERSION:

http://otrs.org/advisory/OSA-2010-02-en/

GERMAN VERSION:

http://otrs.org/advisory/OSA-2010-02-de/


ENHANCEMENTS:
============

* Updated Czech translation, thanks to O2BS.com, s r.o.
Jakub Hanus!
* Updated Portuguese Brazilian translation file, thanks to
Fabricio Luiz Machado!
* Updated Ukrainian language translation, thanks to
Belskii Artem!
* Updated Danish translation, thanks to Jesper Rønnov,
Faaborg-Midtfyn Kommune!


BUG FIXES:
==========


* Bug# 4658 - Can't delete attachment from AdminAttachment
interface.
[ http://bugs.otrs.org/show_bug.cgi?id=4658 ]

* Bug# 4889 - Inline images from Lotus Notes were not displayed
in the ticket zoom.
[ http://bugs.otrs.org/show_bug.cgi?id=4889 ]

* Bug# 4977 - mod_perl was not used on Fedora when using RPM.
[ http://bugs.otrs.org/show_bug.cgi?id=4977 ]

* Bug# 4967 - Object method "new" could not be located by package
error when using Perl 5.10.1.
[ http://bugs.otrs.org/show_bug.cgi?id=4967 ]

* Bug# 5094 - Bulk pending date/time was not applied to tickets.
[ http://bugs.otrs.org/show_bug.cgi?id=5094 ]

* Bug# 5164 - Pending time was not working if agent was located
in a different timezone.
[ http://bugs.otrs.org/show_bug.cgi?id=5164 ]

* Bug# 4786 - AgentTicketCompose ONLY: when assigning a next
state and adding an attachment, the next state was
reset until the next screen refresh.
[ http://bugs.otrs.org/show_bug.cgi?id=4786 ]

* Bug# 4999 - Cache for customer user was not refreshed when a
preference was updated.
[ http://bugs.otrs.org/show_bug.cgi?id=4999 ]

* Bug# 5242 - New lines were not displayed in HTML notification
mails on Lotus Notes.
[ http://bugs.otrs.org/show_bug.cgi?id=5242 ]

* Bug# 5210 - LinkQuote generated high CPU load when processing
a large volume of data.
[ http://bugs.otrs.org/show_bug.cgi?id=5210 ]

* Bug# 5742 - Outgoing email link detection was not working
properly.
[ http://bugs.otrs.org/show_bug.cgi?id=5742 ]

* Bug# 5132 - New owner validation always asked to set an owner.
[ http://bugs.otrs.org/show_bug.cgi?id=5132 ]

MD5 CHECKSUMS:
==============


SOFTWARE DOWNLOAD:
===================

Please note that we have relaunched our website http://www.otrs.com.
The software can now be downloaded exclusively from:

* http://otrs.org/download/
* http://otrs.org/download/#otrs3
* ftp://ftp.otrs.org/pub/otrs/ (Germany/Hamburg)

A complete list of all download mirrors (ftp/http/rsync) is
available at http://otrs.org/download/

YOUR CONTRIBUTION:
===================

* Please send information regarding vulnerabilities in OTRS to
security@otrs.org.

* We kindly ask for your assistance to update the translation
files! The current status can be found here:
http://users.otrs.com/~me/i18n/


FEEDBACK & BUG REPORTING:
=========================
Although OTRS 2.4.8 has been tested before, we appreciate
your contributions. As always, you’re encouraged to tell
us what you think, using this feedback e-Mail: [enjoy at otrs.com]
or by filing a bug in Bugzilla [http://bugs.otrs.org].

--


Hauke Jan Böttcher
Director Marketing

xxx
Norsk-Data-Straße 1
61352 Bad Homburg
Germany

T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/

Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: André Mindermann (CEO)
---------------------------------------------------------------------
OTRS mailing list: announce - Webpage: http://otrs.org/
Archive: http://lists.otrs.org/pipermail/announce
To unsubscribe: http://lists.otrs.org/cgi-bin/listinfo/announce