Mageia alert MGASA-2012-0322 (otrs)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2012-0322: otrs-3.1.11-1.mga2 (2/core) | |
| Date: | Tue, 6 Nov 2012 20:27:35 +0100 | |
| Message-ID: | <20121106192735.GA9104@valstar.mageia.org> |
MGASA-2012-0322 Date: November 6th, 2012 Affected releases: 2 Description: Updated otrs package fixes security vulnerabilities: Multiple cross-site scripting (XSS) vulnerabilities in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.13, 3.0.x before 3.0.15, and 3.1.x before 3.1.9, and OTRS ITSM 2.1.x before 2.1.5, 3.0.x before 3.0.6, and 3.1.x before 3.1.6, allow remote attackers to inject arbitrary web script or HTML via an e-mail message body with (1) a Cascading Style Sheets (CSS) expression property in the STYLE attribute of an arbitrary element or (2) UTF-7 text in an HTTP-EQUIV="CONTENT-TYPE" META element (CVE-2012-2582). Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.14, 3.0.x before 3.0.16, and 3.1.x before 3.1.10, when Firefox or Opera is used, allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with nested HTML tags (CVE-2012-4600). Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) Help Desk 2.4.x before 2.4.15, 3.0.x before 3.0.17, and 3.1.x before 3.1.11 allows remote attackers to inject arbitrary web script or HTML via an e-mail message body with whitespace before a javascript: URL in the SRC attribute of an element, as demonstrated by an IFRAME element (CVE-2012-4751). Updated Packages: otrs-3.1.11-1.mga2 References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2582 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4600 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4751 http://www.otrs.com/en/open-source/community-news/securit... http://www.otrs.com/en/open-source/community-news/securit... http://www.otrs.com/en/open-source/community-news/securit... http://lists.opensuse.org/opensuse-updates/2012-09/msg000... https://bugs.mageia.org/show_bug.cgi?id=7527 https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-...