openSUSE-SU-2016:2844-1

Опубликовано: 17 нояб. 2016

Источник: suse-cvrf

Описание

Security update for otrs

This update for otrs fixes the following security issues:

CVE-2016-9139: execution of JavaScript in OTRS context by opening malicious attachment (OSA-2016-02, bsc#1008017)

In addition, OTRS was updated to 3.3.16, containing all upstream improvements and bug fixes.

Список пакетов

openSUSE Leap 42.2

otrs-3.3.16-3.1

otrs-doc-3.3.16-3.1

otrs-itsm-3.3.14-3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-11/msg00075.html
E-Mail link for openSUSE-SU-2016:2844-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment.

Затронутые продукты

openSUSE Leap 42.2:otrs-3.3.16-3.1

openSUSE Leap 42.2:otrs-doc-3.3.16-3.1

openSUSE Leap 42.2:otrs-itsm-3.3.14-3.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-9139.html
CVE-2016-9139
https://bugzilla.suse.com/1008017
SUSE Bug 1008017

openSUSE-SU-2016:2844-1

Описание

Список пакетов

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2016-9139

Описание

Затронутые продукты

Ссылки