Lucene search
SuseOPENSUSE-SU-2018:4046-1HistoryDec 08, 2018 - 12:23 a.m.
Security update for otrs (moderate)
2018-12-0800:23:24
lists.opensuse.org
64
EPSS
0.001
Percentile
18.7%
This update for otrs fixes the following issues:
Update to version 4.0.33.
Security issues fixed:
- CVE-2018-19141: Fixed privilege escalation, that an attacker who is
logged into OTRS as an admin user cannot manipulate the URL to cause
execution of JavaScript in the context of OTRS. - CVE-2018-19143: Fixed remote file deletion, that an attacker who is
logged into OTRS as a user cannot manipulate the submission form to
cause deletion of arbitrary files that the OTRS web server user has
write access to.
Non-security issues fixed:
- Full release notes can be found at:
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| openSUSE Backports SLE | 15 | noarch | otrs-itsm | < 4.0.33-bp150.3.6.1 | otrs-itsm-4.0.33-bp150.3.6.1.noarch.rpm |
| openSUSE Leap | 15.0 | noarch | otrs-itsm | < 4.0.33-lp150.2.6.1 | otrs-itsm-4.0.33-lp150.2.6.1.noarch.rpm |
| openSUSE Leap | 15.0 | noarch | otrs | < 4.0.33-lp150.2.6.1 | otrs-4.0.33-lp150.2.6.1.noarch.rpm |
| openSUSE Backports SLE | 15 | noarch | otrs-doc | < 4.0.33-bp150.3.6.1 | otrs-doc-4.0.33-bp150.3.6.1.noarch.rpm |
| openSUSE Backports SLE | 15 | noarch | otrs | < 4.0.33-bp150.3.6.1 | otrs-4.0.33-bp150.3.6.1.noarch.rpm |
| openSUSE Leap | 15.0 | noarch | otrs-doc | < 4.0.33-lp150.2.6.1 | otrs-doc-4.0.33-lp150.2.6.1.noarch.rpm |
References
Related
nessus
nessus
Debian DLA-1592-1 : otrs2 security update
2018-11-26 00:00:00
openSUSE Security Update : otrs (openSUSE-2019-973)
2019-03-27 00:00:00
openSUSE Security Update : otrs (openSUSE-2018-1503)
2018-12-10 00:00:00
osv
osv
otrs2 - security update
2018-11-23 00:00:00
CVE-2018-19141
2018-11-11 05:29:00
CVE-2018-19143
2018-11-11 05:29:00
openvas
openvas
Debian: Security Advisory (DLA-1592-1)
2018-11-25 00:00:00
openSUSE: Security Advisory for otrs (openSUSE-SU-2018:4046-1)
2018-12-10 00:00:00
debian
debian
[SECURITY] [DLA 1592-1] otrs2 security update
2018-11-23 19:31:40
debiancve
debiancve
CVE-2018-19141
2018-11-11 05:29:00
CVE-2018-19143
2018-11-11 05:29:00
prion
prion
Open redirect
2018-11-11 05:29:00
Design/Logic Flaw
2018-11-11 05:29:00
nvd
nvd
CVE-2018-19141
2018-11-11 05:29:00
CVE-2018-19143
2018-11-11 05:29:00
cvelist
cvelist
CVE-2018-19141
2018-11-11 05:00:00
CVE-2018-19143
2018-11-11 05:00:00
cve
cve
CVE-2018-19141
2018-11-11 05:29:00
CVE-2018-19143
2018-11-11 05:29:00
ubuntucve
ubuntucve
CVE-2018-19141
2018-11-11 00:00:00
CVE-2018-19143
2018-11-11 00:00:00