OTRS Security Advisory 2012-03 OTRS 3.1.11

jojo
Moderator
Posts: 14387
Joined: 26 Jan 2007, 14:50
OTRS Version?: Git Master

OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by jojo » 16 Oct 2012, 10:32

+++++++++++++++++++++++++ OTRS Security Advisory 2012-03 OTRS 3.1.11 +++++++++++++++++++++++

Release: OTRS Help Desk 3.1.11
Release date: 16-October-2012
Status: Patch Level Release


SECURITY FIXES:
==============

------------------------------------------------------------------
OTRS Security Advisory 2012-03 <security at otrs.org>
------------------------------------------------------------------
ID: OSA-2012-03
Date: 2012-10-16
Title: XSS vulnerability
Severity: Low (Overall CVSS Score: 3.9)
Affected: OTRS Help Desk 2.4.x, OTRS Help Desk 3.0.x, OTRS Help Desk 3.1.x
Fixed in: OTRS 2.4.15, 3.0.17, 3.1.11
URL: http://www.otrs.com/en/open-source/comm ... y-2012-03/
FULL CVSS v2 VECTOR: AV:N/AC:L/AU:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C/CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND
References: CVE-2012-4751, VU#603276

To read the entire Security Advisory please follow this link.

http://www.otrs.com/en/open-source/comm ... y-2012-03/

There will also be Release Notes for the newest versions of OTRS Help Desk, where this vulnerability is fixed and we recommend an update to one of these new versions.
"Production": OTRS™ 6, STORM powered by OTRS
"Testing": ((OTRS Community Edition)) git Master

Never change Defaults.pm! :: Blog
Professional Services:: http://www.otrs.com :: enjoy@otrs.com :: Share your ideas

al1ta
OTRS newbie
Posts: 1
Joined: 18 Oct 2012, 17:01
OTRS Version?: 3.1.11

Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by al1ta » 18 Oct 2012, 18:36

After upgrading from 3.1.10 and running otrs.RebuildConfig.pl,

OTRS asked me to reinstall the following ITSM modules:

ITSMCore
ITSMIncidentProblemManagement
ITSMConfigurationManagement

After reinstalling, everything seems to work right, but this wasn't mentioned in the upgrade instructions.

Hoping that everything is running fine now :lol:

jojo
Moderator
Posts: 14387
Joined: 26 Jan 2007, 14:50
OTRS Version?: Git Master

Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by jojo » 18 Oct 2012, 22:41

You should always check modules after updates.

Migento
OTRS newbie
Posts: 1
Joined: 17 Dec 2012, 17:56
OTRS Version?: 20000

Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by Migento » 17 Dec 2012, 17:59

jojo wrote:+++++++++++++++++++++++++ OTRS Security Advisory 2012-03 OTRS 3.1.11 +++++++++++++++++++++++

It would be fine to mention that modules have to be checked. It is a little confusing to "solve" issues like this on your own because you don't know if it is the right solution ^^ But thanks! :) You did a great job!

jojo
Moderator
Posts: 14387
Joined: 26 Jan 2007, 14:50
OTRS Version?: Git Master

Re: OTRS Security Advisory 2012-03 OTRS 3.1.11

Post by jojo » 17 Dec 2012, 18:01

This is standard work on all OTRS updates. So why should it be mentioned extra?