===================================================================== CERT-Renater Note d'Information No. 2013/VULN127 _____________________________________________________________________ DATE : 08/04/2013 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running OTRS Help Desk versions prior to 3.2.4, 3.1.14, 3.0.19, OTRS ITSM versions prior to 3.2.3, 3.1.8, 3.0.7, FAQ versions prior to 2.2.3, 2.1.4, 2.0.8. ====================================================================== http://lists.otrs.org/pipermail/announce/2013/000257.html http://lists.otrs.org/pipermail/announce/2013/000258.html ______________________________________________________________________ +++++++++++++++++++++++++ OTRS Security Advisory 2013-01 OTRS Help Desk 3.2.4, OTRS ITSM 3.2.3, FAQ 2.2.3 +++++++++++++++++++++++ Release: OTRS Help Desk 3.2.4, OTRS ITSM 3.2.3, FAQ 2.2.3 Release date: 2-April-2013 Status: Patch Level Release SECURITY FIXES: ============== ------------------------------------------------------------------ OTRS Security Advisory 2013-01 ------------------------------------------------------------------ ID: OSA-2013-01 Date: 2013-04-02 Title: Information disclosure, Data manipulation Severity: Medium (Overall CVSS Score: 4.1) Fixed in: OTRS 3.2.4, 3.1.14, 3.0.19, OTRS ITSM 3.2.3, 3.1.8, 3.0.7, FAQ 2.2.3, 2.1.4, 2.0.8 http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-01/ CVE: CVE-2013-2625 Credits: André Luerssen ------------------------------------------------------------------- To read the entire Security Advisory please follow this link. http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-01/ There will also be Release Notes for the newest versions of OTRS Help Desk, OTRS ITSM and the FAQ Module, where this vulnerability is fixed and we recommend an update to one of these new versions. Best regards Josephine Günther ---- Marketing Manager OTRS AG Norsk-Data-Straße 1 61352 Bad Homburg Germany T: +49 (0) 6172 681988 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Business location: Bad Homburg, Country Court: Bad Homburg, HRB 10751, VAT ID: DE256610065 Chairman: Burchard Steinbild, Managing Board: André Mindermann (CEO), Christopher Kuhn, Sabine Riedel OTRS 3.2 - More than a Help Desk System – Process and Customer Management – Be an early bird with our special offer ______________________________________________________________________ +++++++++++++++++++++++++ OTRS Security Advisory 2013-02 OTRS ITSM 3.2.3, FAQ 2.1.4 +++++++++++++++++++++++ Release: OTRS ITSM 3.2.3, FAQ 2.1.4 Release date: 2-April-2013 Status: Patch Level Release SECURITY FIXES: ============== ------------------------------------------------------------------ OTRS Security Advisory 2013-02 ------------------------------------------------------------------ ID: OSA-2013-02 Date: 2013-04-02 Title: XSS Vulnerability Severity: Low (Overall CVSS Score: 3) Fixed in: OTRS ITSM 3.2.3, 3.1.8, 3.0.7, FAQ 2.1.4, 2.0.8 URL: http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-02/ CVE: CVE-2013-2637 Credits: Luigi Vezzoso ------------------------------------------------------------------- To read the entire Security Advisory please follow this link. http://www.otrs.com/en/open-source/community-news/security-advisories/security-advisory-2013-02/ There will also be Release Notes for the newest versions of OTRS ITSM and the FAQ Module, where this vulnerability is fixed and we recommend an update to one of these new versions. Best regards Josephine Günther ---- Marketing Manager OTRS AG Norsk-Data-Straße 1 61352 Bad Homburg Germany T: +49 (0) 6172 681988 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Business location: Bad Homburg, Country Court: Bad Homburg, HRB 10751, VAT ID: DE256610065 Chairman: Burchard Steinbild, Managing Board: André Mindermann (CEO), Christopher Kuhn, Sabine Riedel OTRS 3.2 - More than a Help Desk System – Process and Customer Management – Be an early bird with our special offer ====================================================================== ========================================================= Serveur de référence du CERT-Renater https://services.renater.fr/ssi/ ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================