Dear Community Members,

++++++++++ OTRS Security Advisory 2010-01 OTRS 2.1.9 ++++++++++

Release: OTRS 2.1.9

Status: stable

Code Name: Playa Esmeralda

SECURITY FIXES:

===============

---------------------------------------------------------------

OTRS Security Advisory 2010-01 <security@otrs.org>

---------------------------------------------------------------

ID: OSA-2010-01

Date: 2010-02-08

Title: Vulnerability in OTRS-Core allows SQL-Injection

Severity: Critical

Product: OTRS 2.4.x, OTRS 2.3.x, OTRS 2.2.x, OTRS 2.1.x

Fixed in: OTRS 2.4.7, OTRS 2.3.5, OTRS 2.2.9, OTRS 2.1.9

URL: http://otrs.org/advisory/OSA-2010-01-en/

CVE: CVE-2010-0438

---------------------------------------------------------------

To read the entire Security Advisory please follow this link:

ENGLISH VERSION:

http://otrs.org/advisory/OSA-2010-01-en/

GERMAN VERSION:

http://otrs.org/advisory/OSA-2010-01-de/

BUG FIXES:

==========

* Bug# 2491 - OTRS crashes after initial login on fresh

installation on perl 5.10.

[ http://bugs.otrs.org/show_bug.cgi?id=2491 ]

MD5 CHECKSUMS:

==============

dec0657db6cd3a627ee6a206f9c1a168

http://ftp.otrs.org/pub/otrs/RPMS/suse/7.3/otrs-2.1.9-01.i386.rpm

5393d405232abe1a4017f339587f41ec

http://ftp.otrs.org/pub/otrs/RPMS/suse/8.x/otrs-2.1.9-01.i386.rpm

76c0f6343ad639a1f599263d7b1ce8c0

http://ftp.otrs.org/pub/otrs/RPMS/suse/9.0/otrs-2.1.9-01.i386.rpm

eb3388eb5e36644033958e45aa745f95

http://ftp.otrs.org/pub/otrs/RPMS/suse/9.1/otrs-2.1.9-01.i386.rpm

44fadc2919c733ec3e7bae1aea26fb07

http://ftp.otrs.org/pub/otrs/RPMS/suse/10.0/otrs-2.1.9-01.i386.rpm

8df01a19a8e9f0d35d3cf2c79d184f44

http://ftp.otrs.org/pub/otrs/RPMS/redhat/7.x/otrs-2.1.9-01.i386.rpm

40626e5734c43e9fb4b247563c2c4b29

http://ftp.otrs.org/pub/otrs/RPMS/redhat/8.0/otrs-2.1.9-01.i386.rpm

433cde4c5b2781fd3749e58fb1aed084

http://ftp.otrs.org/pub/otrs/RPMS/fedora/4/otrs-2.1.9-01.i386.rpm

3585a3f7397a5e0607f02cd0fc4187ab

http://ftp.otrs.org/pub/otrs/otrs-2.1.9.tar.gz

83238bb68b14de4ceea7910c3efc9c00

http://ftp.otrs.org/pub/otrs/otrs-2.1.9.tar.bz2

dd1351534a5a3308ce9932808551dadb

http://ftp.otrs.org/pub/otrs/otrs-2.1.9-win-installer-2.1.1.exe

DOWNLOAD FIXED RELEASES:

========================

http://otrs.org/releases/

YOUR CONTRIBUTION:

===================

* Please send information regarding vulnerabilities in OTRS to

security@otrs.org.

* We kindly ask for your assistance to update the translation

files! The current status can be found here:

http://users.otrs.com/~me/i18n/

FEEDBACK & BUG REPORTING:

=========================

Although OTRS 2.1.9 has been tested before, we appreciate

your contributions. As always, you�re encouraged to tell

us what you think, using this feedback e-Mail: [enjoy at otrs.com]

or by filing a bug in Bugzilla [http://bugs.otrs.org].

MEET US:

========

CU@ PINK - 14th. IT Service Management Conference in Las Vegas (USA)

and get to know more about OTRS at booth no. 517b from Feb 21-24, 2010!

CU@ CeBIT 2010 in Hannover (Germany) and get to know more

about OTRS at booth no. C37, in hall 2 from March 2.-6., 2010!

--

((enjoy))

Hauke Jan B�ttcher
Director Sales & Marketing

OTRS AG
Norsk-Data-Stra�e 1
61352 Bad Homburg
Germany

T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/

Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: Andr� Mindermann (CEO)