[announce] OTRS Security Advisory 2010-01: OTRS 2.1.9 (Playa Esmeralda)

Dear Community Members, ++++++++++ OTRS Security Advisory 2010-01 OTRS 2.1.9 ++++++++++ Release: OTRS 2.1.9 Status: stable Code Name: Playa Esmeralda SECURITY FIXES: =============== --------------------------------------------------------------- OTRS Security Advisory 2010-01 --------------------------------------------------------------- ID: OSA-2010-01 Date: 2010-02-08 Title: Vulnerability in OTRS-Core allows SQL-Injection Severity: Critical Product: OTRS 2.4.x, OTRS 2.3.x, OTRS 2.2.x, OTRS 2.1.x Fixed in: OTRS 2.4.7, OTRS 2.3.5, OTRS 2.2.9, OTRS 2.1.9 URL: http://otrs.org/advisory/OSA-2010-01-en/ CVE: CVE-2010-0438 --------------------------------------------------------------- To read the entire Security Advisory please follow this link: ENGLISH VERSION: http://otrs.org/advisory/OSA-2010-01-en/ GERMAN VERSION: http://otrs.org/advisory/OSA-2010-01-de/ BUG FIXES: ========== * Bug# 2491 - OTRS crashes after initial login on fresh installation on perl 5.10. [ http://bugs.otrs.org/show_bug.cgi?id=2491 ] MD5 CHECKSUMS: ============== dec0657db6cd3a627ee6a206f9c1a168 http://ftp.otrs.org/pub/otrs/RPMS/suse/7.3/otrs-2.1.9-01.i386.rpm 5393d405232abe1a4017f339587f41ec http://ftp.otrs.org/pub/otrs/RPMS/suse/8.x/otrs-2.1.9-01.i386.rpm 76c0f6343ad639a1f599263d7b1ce8c0 http://ftp.otrs.org/pub/otrs/RPMS/suse/9.0/otrs-2.1.9-01.i386.rpm eb3388eb5e36644033958e45aa745f95 http://ftp.otrs.org/pub/otrs/RPMS/suse/9.1/otrs-2.1.9-01.i386.rpm 44fadc2919c733ec3e7bae1aea26fb07 http://ftp.otrs.org/pub/otrs/RPMS/suse/10.0/otrs-2.1.9-01.i386.rpm 8df01a19a8e9f0d35d3cf2c79d184f44 http://ftp.otrs.org/pub/otrs/RPMS/redhat/7.x/otrs-2.1.9-01.i386.rpm 40626e5734c43e9fb4b247563c2c4b29 http://ftp.otrs.org/pub/otrs/RPMS/redhat/8.0/otrs-2.1.9-01.i386.rpm 433cde4c5b2781fd3749e58fb1aed084 http://ftp.otrs.org/pub/otrs/RPMS/fedora/4/otrs-2.1.9-01.i386.rpm 3585a3f7397a5e0607f02cd0fc4187ab http://ftp.otrs.org/pub/otrs/otrs-2.1.9.tar.gz 83238bb68b14de4ceea7910c3efc9c00 http://ftp.otrs.org/pub/otrs/otrs-2.1.9.tar.bz2 dd1351534a5a3308ce9932808551dadb http://ftp.otrs.org/pub/otrs/otrs-2.1.9-win-installer-2.1.1.exe DOWNLOAD FIXED RELEASES: ======================== http://otrs.org/releases/ YOUR CONTRIBUTION: =================== * Please send information regarding vulnerabilities in OTRS to security@otrs.org. * We kindly ask for your assistance to update the translation files! The current status can be found here: http://users.otrs.com/~me/i18n/ FEEDBACK & BUG REPORTING: ========================= Although OTRS 2.1.9 has been tested before, we appreciate your contributions. As always, you’re encouraged to tell us what you think, using this feedback e-Mail: [enjoy at otrs.com] or by filing a bug in Bugzilla [http://bugs.otrs.org]. MEET US: ======== CU@ PINK - 14th. IT Service Management Conference in Las Vegas (USA) and get to know more about OTRS at booth no. 517b from Feb 21-24, 2010! CU@ CeBIT 2010 in Hannover (Germany) and get to know more about OTRS at booth no. C37, in hall 2 from March 2.-6., 2010! -- ((enjoy)) Hauke Jan Böttcher Director Sales & Marketing OTRS AG Norsk-Data-Straße 1 61352 Bad Homburg Germany T: +49 (0) 6172 681988 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Business Location: Bad Homburg Country Court: Bad Homburg, HRB 10751 VAT ID: DE256610065 Chairman: Burchard Steinbild Managing Board: André Mindermann (CEO)