Lucene search
SuseOPENSUSE-SU-2018:3005-1HistoryOct 04, 2018 - 6:25 p.m.
Security update for otrs (moderate)
2018-10-0418:25:33
lists.opensuse.org
47
0.004 Low
EPSS
Percentile
72.4%
This update for otrs to version 4.0.32 fixes the following issues:
These security issues were fixed:
- CVE-2018-16586: An attacker could have sent a malicious email to an OTRS
system. If a logged in user opens it, the email could have caused the
browser to load external image or CSS resources (bsc#1109822). - CVE-2018-16587: An attacker could have sent a malicious email to an OTRS
system. If a user with admin permissions opens it, it caused deletions
of arbitrary files that the OTRS web server user has write access to
(bsc#1109823). - CVE-2018-14593: An attacker who is logged into OTRS as an agent may have
escalated their privileges by accessing a specially crafted URL
(bsc#1103800).
These non-security issues were fixed:
- fixed permissions file @OTRS_ROOT@/var/tmp -> @OTRS_ROOT@/var/tmp/
- ACL for Action AgentTicketBulk were inconsistent.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Leap | 15.0 | noarch | otrs-itsm | < 4.0.32-lp150.2.3.1 | otrs-itsm-4.0.32-lp150.2.3.1.noarch.rpm |
| openSUSE Backports SLE | 15 | noarch | otrs-doc | < 4.0.32-bp150.3.3.1 | otrs-doc-4.0.32-bp150.3.3.1.noarch.rpm |
| openSUSE Backports SLE | 15 | noarch | otrs | < 4.0.32-bp150.3.3.1 | otrs-4.0.32-bp150.3.3.1.noarch.rpm |
| openSUSE Leap | 15.0 | noarch | otrs | < 4.0.32-lp150.2.3.1 | otrs-4.0.32-lp150.2.3.1.noarch.rpm |
| openSUSE Backports SLE | 15 | noarch | otrs-itsm | < 4.0.32-bp150.3.3.1 | otrs-itsm-4.0.32-bp150.3.3.1.noarch.rpm |
| openSUSE Leap | 15.0 | noarch | otrs-doc | < 4.0.32-lp150.2.3.1 | otrs-doc-4.0.32-lp150.2.3.1.noarch.rpm |
Related
osv
osv
otrs2 - security update
2018-10-14 00:00:00
otrs2 - security update
2018-09-26 00:00:00
CVE-2018-16586
2018-09-28 00:29:01
nessus
nessus
openSUSE Security Update : otrs (openSUSE-2018-1106)
2018-10-05 00:00:00
openSUSE Security Update : otrs (openSUSE-2019-748)
2019-03-27 00:00:00
Debian DSA-4317-1 : otrs2 - security update
2018-10-15 00:00:00
openvas
openvas
openSUSE: Security Advisory for otrs (openSUSE-SU-2018:3005-1)
2018-10-26 00:00:00
Debian: Security Advisory (DSA-4317-1)
2018-10-13 00:00:00
Debian: Security Advisory (DLA-1521-1)
2018-09-26 00:00:00
debian
debian
[SECURITY] [DSA 4317-1] otrs2 security update
2018-10-14 19:00:58
[SECURITY] [DLA 1521-1] otrs2 security update
2018-09-26 16:59:00
[SECURITY] [DLA 1473-1] otrs2 security update
2018-08-21 13:54:50
nvd
nvd
cve
cve
cvelist
cvelist
ubuntucve
ubuntucve
prion
prion
Open redirect
2018-09-28 00:29:00
Design/Logic Flaw
2018-09-28 00:29:00
Design/Logic Flaw
2018-08-04 01:29:00
debiancve
debiancve