Hauke Böttcher
Sun, 07 Feb 2010 13:57:22 -0800
Dear Community Members,

++++++++++ OTRS Security Advisory 2010-01 OTRS 2.4.7 ++++++++++
Release: OTRS 2.4.7
Status: stable
Code Name: Aitutaki Beach

SECURITY FIXES:
===============

---------------------------------------------------------------
OTRS Security Advisory 2010-01 <secur...@otrs.org>
---------------------------------------------------------------
ID: OSA-2010-01
Date: 2010-02-08
Title: Vulnerability in OTRS-Core allows SQL-Injection
Severity: Critical
Product: OTRS 2.4.x, OTRS 2.3.x, OTRS 2.2.x, OTRS 2.1.x
Fixed in: OTRS 2.4.7, OTRS 2.3.5, OTRS 2.2.9, OTRS 2.1.9
URL: http://otrs.org/advisory/OSA-2010-01-en/
CVE: CVE-2010-0438
---------------------------------------------------------------

To read the entire Security Advisory please follow this link:

ENGLISH VERSION: http://otrs.org/advisory/OSA-2010-01-en/
GERMAN VERSION: http://otrs.org/advisory/OSA-2010-01-de/

BUG FIXES:
==========

* Bug# 4754 - Multiple tickets get created with a huge POP3 Mailbox - more than 2000 emails in the box. Error message: ("Deep recursion on subroutine").
  [ http://bugs.otrs.org/show_bug.cgi?id=4754 ]
* Bug# 4770 - Attachments are stripped/not shown from outgoing emails in some scenarios with ms exchange.
  [ http://bugs.otrs.org/show_bug.cgi?id=4770 ]
* Bug# 4735 - TicketFreeTime option in Customer frontend for ticket search does not work as expected (only every second is used).
  [ http://bugs.otrs.org/show_bug.cgi?id=4735 ]
* Bug# 4818 - Removed inline image of forwarded message and composing answers in agent interface are still included.
  [ http://bugs.otrs.org/show_bug.cgi?id=4818 ]

DOWNLOAD FIXED RELEASES:
========================

http://otrs.org/releases/

YOUR CONTRIBUTION:
===================

* Please send information regarding vulnerabilities in OTRS to secur...@otrs.org.
* We kindly ask for your assistance to update the translation files! The current status can be found here: http://users.otrs.com/~me/i18n/

FEEDBACK & BUG REPORTING:
=========================

Although OTRS 2.4.7 has been tested before, we appreciate your contributions.
As always, you’re encouraged to tell us what you think, using this feedback e-Mail: [enjoy at otrs.com] or by filing a bug in Bugzilla [http://bugs.otrs.org].

MEET US:
========

CU@ PINK - 14th. IT Service Management Conference in Las Vegas (USA) and get to know more about OTRS at booth no. 517b from Feb 21-24, 2010!

CU@ CeBIT 2010 in Hannover (Germany) and get to know more about OTRS at booth no. C37, in hall 2 from March 2.-6., 2010!

--
((enjoy))

Hauke Jan Böttcher
Director Sales & Marketing

OTRS AG
Norsk-Data-Straße 1
61352 Bad Homburg
Germany

T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/

Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: André Mindermann (CEO)