
openSUSE 2020:1509-1 Moderate: OTRS Update Fixes Security Issues

openSUSE, September 23, 2020
An update for openSUSE has been released, which fixes several security vulnerabilities in OTRS, categorized with a moderate severity level.
An update that fixes 18 vulnerabilities is now available.

Description

OTRS was updated to 5.0.42, fixing lots of bugs and security issues:

https://otrs.com/es/soluciones-de-software-otrs/otrs-community-edition/

- CVE-2020-1773 boo#1168029 OSA-2020-10:

  * Session / Password / Password token leak: An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users' session IDs, password reset tokens and automatically generated passwords.

- CVE-2020-1772 boo#1168029 OSA-2020-09:

  * Information Disclosure: It's possible to craft Lost Password requests with wildcards in the Token value, which allows an attacker to retrieve valid Token(s) generated by users who have already requested new passwords.

- CVE-2020-1771 boo#1168030 OSA-2020-08:

  * Possible XSS in Customer user address book: An attacker is able to craft an article with a link to the customer address book with...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP2:

  zypper in -t patch openSUSE-2020-1509=1

Package List

- openSUSE Backports SLE-15-SP2 (noarch):

otrs-6.0.29-bp152.2.8.1

otrs-doc-6.0.29-bp152.2.8.1

otrs-itsm-6.0.29-bp152.2.8.1
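
To confirm the update actually landed, the installed builds can be compared against the package list above. The following is an added example, not part of the advisory or of SUSE tooling: it uses a simplified rpm-style version comparison (no epoch, "~" or "^" handling), and the helper names and the sample rpm output are constructed for illustration.

```python
import re

# Fixed builds from the advisory's package list (openSUSE Backports SLE-15-SP2).
FIXED = {n: "6.0.29-bp152.2.8.1" for n in ("otrs", "otrs-doc", "otrs-itsm")}

def _cmp_part(a, b):
    """Simplified rpmvercmp for one field (assumption: no epoch, '~' or '^')."""
    # rpm compares runs of digits or letters; every other character only separates.
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare, so 9 < 29
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def unpatched(rpm_output):
    """Return {package: installed build} for tracked packages older than the fix."""
    stale = {}
    for line in rpm_output.strip().splitlines():
        parts = line.split()
        if len(parts) != 2:                  # e.g. "package otrs-doc is not installed"
            continue
        name, evr = parts
        if name in FIXED and evr_cmp(evr, FIXED[name]) < 0:
            stale[name] = evr
    return stale

# Constructed sample of the output of:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' otrs otrs-doc otrs-itsm
SAMPLE = """\
otrs 6.0.24-bp152.1.2
package otrs-doc is not installed
otrs-itsm 6.0.29-bp152.2.3.1
"""

if __name__ == "__main__":
    for pkg, evr in unpatched(SAMPLE).items():
        print(f"{pkg} {evr} is older than {FIXED[pkg]}: apply openSUSE-2020-1509")
```
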

References

https://www.suse.com/security/cve/CVE-2019-10067.html

https://www.suse.com/security/cve/CVE-2019-12248.html

https://www.suse.com/security/cve/CVE-2019-12497.html

https://www.suse.com/security/cve/CVE-2019-12746.html

https://www.suse.com/security/cve/CVE-2019-13457.html

https://www.suse.com/security/cve/CVE-2019-13458.html

https://www.suse.com/security/cve/CVE-2019-16375.html

https://www.suse.com/security/cve/CVE-2019-18179.html

https://www.suse.com/security/cve/CVE-2019-18180.html

https://www.suse.com/security/cve/CVE-2019-9752.html

https://www.suse.com/security/cve/CVE-2019-9892.html

https://www.suse.com/security/cve/CVE-2020-1765.html

https://www.suse.com/security/cve/CVE-2020-1766.html

https://www.suse.com/security/cve/CVE-2020-1769.html

https://www.suse.com/security/cve/CVE-2020-1770.html

https://www.suse.com/security/cve/CVE-2020-1771.html

https://www.suse.com/security/cve/CVE-2020-1772.html

https://www.suse.com/security/cve/CVE-2020-1773.html

https://bugzilla.suse.com/1122560

https://bugzilla.suse....


Announcement ID: openSUSE-SU-2020:1509-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP2
