openSUSE-SU-2020:1888-1

Published: 09 Nov 2020
Source: suse-cvrf

Description

Security update for otrs

This update for otrs fixes the following issues:

  • otrs was updated to 6.0.30 (OSA-2020-14 boo#1178434)
    • CVE-2020-11022, CVE-2020-11023: Vulnerability in third-party library - jquery. OTRS uses jquery version 3.4.1, which is vulnerable to cross-site scripting (XSS).

Package list

SUSE Package Hub 15 SP1
otrs-6.0.30-bp152.2.11.1
otrs-doc-6.0.30-bp152.2.11.1
otrs-itsm-6.0.30-bp152.2.11.1
SUSE Package Hub 15 SP2
otrs-6.0.30-bp152.2.11.1
otrs-doc-6.0.30-bp152.2.11.1
otrs-itsm-6.0.30-bp152.2.11.1
openSUSE Leap 15.1
otrs-6.0.30-bp152.2.11.1
otrs-doc-6.0.30-bp152.2.11.1
otrs-itsm-6.0.30-bp152.2.11.1
openSUSE Leap 15.2
otrs-6.0.30-bp152.2.11.1
otrs-doc-6.0.30-bp152.2.11.1
otrs-itsm-6.0.30-bp152.2.11.1

Description

In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.


Affected products
SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1
SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1
SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1
SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1

Description

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.


Affected products
SUSE Package Hub 15 SP1:otrs-6.0.30-bp152.2.11.1
SUSE Package Hub 15 SP1:otrs-doc-6.0.30-bp152.2.11.1
SUSE Package Hub 15 SP1:otrs-itsm-6.0.30-bp152.2.11.1
SUSE Package Hub 15 SP2:otrs-6.0.30-bp152.2.11.1
