Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 533
Alerts This Week
Warning Icon 1 533

openSUSE 2020:1509-1 Moderate: OTRS Update Fixes Security Issues

opensuse
Calendar Grey September 23, 2020
Dist Opensuse Esm H88
openSUSE Security Update: Recommended update for otrs_______________________________________________
An update that fixes 18 vulnerabilities is now available.

Description

Otrs was updated to 5.0.42, fixing lots of bugs and security issues:

https://otrs.com/es/soluciones-de-software-otrs/otrs-community-edition/

- CVE-2020-1773 boo#1168029 OSA-2020-10:

* Session / Password / Password token leak An attacker with the ability

to generate session IDs or password reset tokens, either by being able

to authenticate or by exploiting OSA-2020-09, may be able to predict

other users session IDs, password reset tokens and automatically

generated passwords.

- CVE-2020-1772 boo#1168029 OSA-2020-09:

* Information Disclosure It’s possible to craft Lost Password requests

with wildcards in the Token value, which allows attacker to retrieve

valid Token(s), generated by users which already requested new

passwords.

- CVE-2020-1771 boo#1168030 OSA-2020-08:

* Possible XSS in Customer user address book Attacker is able craft an

article with a link to the customer address book with...

Read the Full Advisory

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2020-1509=1

Package List

- openSUSE Backports SLE-15-SP2 (noarch):

otrs-6.0.29-bp152.2.8.1

otrs-doc-6.0.29-bp152.2.8.1

otrs-itsm-6.0.29-bp152.2.8.1

References

https://www.suse.com/security/cve/CVE-2019-10067.html

https://www.suse.com/security/cve/CVE-2019-12248.html

https://www.suse.com/security/cve/CVE-2019-12497.html

https://www.suse.com/security/cve/CVE-2019-12746.html

https://www.suse.com/security/cve/CVE-2019-13457.html

https://www.suse.com/security/cve/CVE-2019-13458.html

https://www.suse.com/security/cve/CVE-2019-16375.html

https://www.suse.com/security/cve/CVE-2019-18179.html

https://www.suse.com/security/cve/CVE-2019-18180.html

https://www.suse.com/security/cve/CVE-2019-9752.html

https://www.suse.com/security/cve/CVE-2019-9892.html

https://www.suse.com/security/cve/CVE-2020-1765.html

https://www.suse.com/security/cve/CVE-2020-1766.html

https://www.suse.com/security/cve/CVE-2020-1769.html

https://www.suse.com/security/cve/CVE-2020-1770.html

https://www.suse.com/security/cve/CVE-2020-1771.html

https://www.suse.com/security/cve/CVE-2020-1772.html

https://www.suse.com/security/cve/CVE-2020-1773.html

https://bugzilla.suse.com/1122560

https://bugzilla.suse....

Read the Full Advisory

Announcement ID: openSUSE-SU-2020:1509-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.