Hi Rudolf, yep, everything was fixed in 1.3.3.
Ciao, Christian

On Wed, Feb 15, 2006 at 09:56:09AM +0100, Rudolf Harney wrote:
>Hi,
>
>this Debian security advisory is covered by otrs 1.3.3, am I seeing
>that correctly?
>
>Rudolf
>
>-------- Forwarded message --------
>From: Marek Kralewski <[EMAIL PROTECTED]>
>To: rudolf harney <[EMAIL PROTECTED]>
>Subject: [Fwd: [SECURITY] [DSA 973-1] New OTRS packages fix several
>vulnerabilities]
>Date: Wed, 15 Feb 2006 09:06:33 +0100
>
>Are these the points that we fixed?
>
>-------- Forwarded message --------
>From: Martin Schulze <[EMAIL PROTECTED]>
>Reply-To: [email protected]
>To: Debian Security Announcements
><[email protected]>
>Subject: [SECURITY] [DSA 973-1] New OTRS packages fix several
>vulnerabilities
>Date: Wed, 15 Feb 2006 08:57:03 +0100 (CET)
>
>--------------------------------------------------------------------------
>Debian Security Advisory DSA 973-1                     [EMAIL PROTECTED]
>http://www.debian.org/security/                             Martin Schulze
>February 15th, 2006                     http://www.debian.org/security/faq
>--------------------------------------------------------------------------
>
>Package        : otrs
>Vulnerability  : several
>Problem type   : remote
>Debian-specific: no
>CVE IDs        : CVE-2005-3893 CVE-2005-3894 CVE-2005-3895
>BugTraq ID     : 15537
>Debian Bug     : 340352
>
>Several vulnerabilities have been discovered in otrs, the Open Ticket
>Request System, that can be exploited remotely. The Common
>Vulnerabilities and Exposures Project identifies the following
>problems:
>
>CVE-2005-3893
>
>    Multiple SQL injection vulnerabilities allow remote attackers to
>    execute arbitrary SQL commands and bypass authentication.
>
>CVE-2005-3894
>
>    Multiple cross-site scripting vulnerabilities allow remote
>    authenticated users to inject arbitrary web script or HTML.
>
>CVE-2005-3895
>
>    Internally attached text/html mails are rendered as HTML when the
>    queue moderator attempts to download the attachment, which allows
>    remote attackers to execute arbitrary web script or HTML.
>
>The old stable distribution (woody) does not contain OTRS packages.
>
>For the stable distribution (sarge) these problems have been fixed in
>version 1.3.2p01-6.
>
>For the unstable distribution (sid) these problems have been fixed in
>version 2.0.4p01-1.
>
>We recommend that you upgrade your otrs package.
>
>
>Upgrade Instructions
>--------------------
>
>wget url
>        will fetch the file for you
>dpkg -i file.deb
>        will install the referenced file.
>
>If you are using the apt-get package manager, use the line for
>sources.list as given below:
>
>apt-get update
>        will update the internal database
>apt-get upgrade
>        will install corrected packages
>
>You may use an automated update by adding the resources from the
>footer to the proper configuration.
>
>
>Debian GNU/Linux 3.1 alias sarge
>--------------------------------
>
>  Source archives:
>
>    http://security.debian.org/pool/updates/main/o/otrs/otrs_1.3.2p01-6.dsc
>      Size/MD5 checksum:      600 0dd0acec3580502a8f9ecf061ed931de
>    http://security.debian.org/pool/updates/main/o/otrs/otrs_1.3.2p01-6.diff.gz
>      Size/MD5 checksum:    15917 f94589b636198b60b76d36ce074dc04f
>    http://security.debian.org/pool/updates/main/o/otrs/otrs_1.3.2p01.orig.tar.gz
>      Size/MD5 checksum:  6639786 8861ace308c6f058b331fbd0e8437f0c
>
>  Architecture independent components:
>
>    http://security.debian.org/pool/updates/main/o/otrs/otrs-doc-de_1.3.2p01-6_all.deb
>      Size/MD5 checksum:  3005222 9783133f230474fabdca9b6fa30ea1d9
>    http://security.debian.org/pool/updates/main/o/otrs/otrs-doc-en_1.3.2p01-6_all.deb
>      Size/MD5 checksum:  2312748 2cd8499682e6b4a5fd3ad7472329a3da
>    http://security.debian.org/pool/updates/main/o/otrs/otrs_1.3.2p01-6_all.deb
>      Size/MD5 checksum:   920580 c29a6b599e31d7b5a847f2f74b658a3c
>
>
>  These files will probably be moved into the stable distribution on
>  its next update.
>
>---------------------------------------------------------------------------------
>For apt-get: deb http://security.debian.org/ stable/updates main
>For dpkg-ftp: ftp://security.debian.org/debian-security
>dists/stable/updates/main
>Mailing list: [email protected]
>Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
>
>_______________________________________________
>OTRS mailing list: otrs-de - Webpage: http://otrs.org/
>Archive: http://lists.otrs.org/pipermail/otrs-de/
>Manage list subscription: http://lists.otrs.org/cgi-bin/listinfo/otrs-de/
>Support or consulting for your OTRS system?
>=> http://www.otrs.de/

-- 
((otrs)) :: OTRS GmbH :: Europaring 4 :: D - 94315 Straubing
Phone: +49 (0) 9421 1862 760 :: Fax: +49 (0) 9421 1862 769
http://www.otrs.com/ :: Communication with success!
