Dear Community Members,
++++++++++ OTRS Security Advisory 2010-03 OTRS 2.4.9 ++++++++++
Release: OTRS 2.4.9
Status: stable
Code Name: Aitutaki Beach
SECURITY FIXES:
===============
---------------------------------------------------------------
OTRS Security Advisory 2010-03 <security@otrs.org>
---------------------------------------------------------------
ID: OSA-2010-03
Date: 2010-10-25
Title: AgentTicketZoom is vulnerable to XSS attacks from
HTML e-mails
Severity: Less critical
Product: OTRS 2.4.x
Fixed in: OTRS 2.4.9
URL: http://otrs.org/advisory/OSA-2010-03-en/
---------------------------------------------------------------
To read the entire Security Advisory please follow this link:
http://otrs.org/advisory/OSA-2010-03-en/
BUG FIXES:
==========
* Bug#6016 - AgentTicketZoom is vulnerable to XSS attacks from HTML
e-mails.
[ http://bugs.otrs.org/show_bug.cgi?id=6016 ]
* Bug#5903 - E-mail notification links don't contain <a href…
tags.
[ http://bugs.otrs.org/show_bug.cgi?id=5903 ]
* Bug#6030 - Event notifications get fired several times on
event "TicketFreeTextUpdate".
[ http://bugs.otrs.org/show_bug.cgi?id=6030 ]
* Bug#5941 - Error in Apache log occurred when no tickets and/or
customers are in the dashboard.
[ http://bugs.otrs.org/show_bug.cgi?id=5941 ]
* Bug#5541 - Dashboard Chart generates error in webserver log.
[ http://bugs.otrs.org/show_bug.cgi?id=5541 ]
* Bug#5462 - Kernel::System::Ticket::TicketEscalationIndexBuild()
does not invalidate the cache.
[ http://bugs.otrs.org/show_bug.cgi?id=5462 ]
* Bug#5667 - Rich Text is not working on iPad. It's not possible
to add a note or close a ticket.
[ http://bugs.otrs.org/show_bug.cgi?id=5667 ]
* Bug#5266 - Ticket Zoom shows wrong html content if there is no
text but two html attachments in there.
[ http://bugs.otrs.org/show_bug.cgi?id=5266 ]
MD5 CHECKSUMS:
==============
SOFTWARE DOWNLOAD:
===================
Please note that we have relaunched our website http://www.otrs.com.
The software can now be downloaded exclusively from:
* http://otrs.org/download/
* http://otrs.org/download/#otrs3
* ftp://ftp.otrs.org/pub/otrs/ (Germany/Hamburg)
A complete list of all download mirrors (ftp/http/rsync) is
available at http://otrs.org/download/
YOUR CONTRIBUTION:
===================
* Please send information regarding vulnerabilities in OTRS to
security@otrs.org.
* We kindly ask for your assistance to update the translation
files! The current status can be found here:
http://users.otrs.com/~me/i18n/
FEEDBACK & BUG REPORTING:
=========================
Although OTRS 2.4.9 has been tested before, we appreciate
your contributions. As always, you’re encouraged to tell
us what you think, using this feedback e-mail: [enjoy at otrs.com]
or by filing a bug in Bugzilla [http://bugs.otrs.org].
--
Hauke Jan Böttcher
Director Marketing
xxx
Norsk-Data-Straße 1
61352 Bad Homburg
Germany
T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/
Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: André Mindermann (CEO)
OTRS Security Advisory 2010-03: OTRS 2.4.9 released