Dear Community Members,

++++++++++ OTRS Security Advisory 2010-01 OTRS 2.3.5 ++++++++++

Release: OTRS 2.3.5
Status: stable
Code Name: Bora Bora

SECURITY FIXES:
===============

---------------------------------------------------------------

OTRS Security Advisory 2010-01 <security@otrs.org>

---------------------------------------------------------------

ID: OSA-2010-01

Date: 2010-02-08

Title: Vulnerability in OTRS-Core allows SQL-Injection

Severity: Critical

Product: OTRS 2.4.x, OTRS 2.3.x, OTRS 2.2.x, OTRS 2.1.x

Fixed in: OTRS 2.4.7, OTRS 2.3.5, OTRS 2.2.9, OTRS 2.1.9

URL: http://otrs.org/advisory/OSA-2010-01-en/

CVE: CVE-2010-0438

---------------------------------------------------------------

To read the entire Security Advisory please follow this link:

ENGLISH VERSION:

http://otrs.org/advisory/OSA-2010-01-en/

GERMAN VERSION:

http://otrs.org/advisory/OSA-2010-01-de/

BUG FIXES:
==========

* Bug# 3573 - Deleting tickets on PostgreSQL 8.3.0 fails.

[ http://bugs.otrs.org/show_bug.cgi?id=3573 ]

* Bug# 3404 - PendingJobs.pl doesn't unlock the closed tickets.

[ http://bugs.otrs.org/show_bug.cgi?id=3404 ]

* Bug# 3137 - Ticket search does not work with words like "BPX"

and "new".

[ http://bugs.otrs.org/show_bug.cgi?id=3137 ]

* Bug# 3745 - German umlaut in customer login_id breaks login.

[ http://bugs.otrs.org/show_bug.cgi?id=3745 ]

MD5 CHECKSUMS:
==============

8709ced8e72d8108da8ef7d512b5a042

http://ftp.otrs.org/pub/otrs/RPMS/suse/7.3/otrs-2.3.5-01.i386.rpm

f2a4a86545c575140228f34114bfaaca

http://ftp.otrs.org/pub/otrs/RPMS/suse/8.x/otrs-2.3.5-01.i386.rpm

ce2a1c5217702bd9170ea4f0a0869395

http://ftp.otrs.org/pub/otrs/RPMS/suse/9.0/otrs-2.3.5-01.i386.rpm

8f6ca387f28333d96c83d1969128f48d

http://ftp.otrs.org/pub/otrs/RPMS/suse/9.1/otrs-2.3.5-01.i386.rpm

3ef3239fb04168d834b553d77123404f

http://ftp.otrs.org/pub/otrs/RPMS/suse/10.0/otrs-2.3.5-01.i386.rpm

a5720f3aa2813b89921bb490e6f35e0a

http://ftp.otrs.org/pub/otrs/RPMS/redhat/7.x/otrs-2.3.5-01.i386.rpm

1eac5ea54ba799c52b67ba2156fbe989

http://ftp.otrs.org/pub/otrs/RPMS/redhat/8.0/otrs-2.3.5-01.i386.rpm

519a643a8f58f4403b200a0504ef3fe3

http://ftp.otrs.org/pub/otrs/RPMS/fedora/4/otrs-2.3.5-01.i386.rpm

fd5f96d664c98cba19c1d07270ad2287

http://ftp.otrs.org/pub/otrs/otrs-2.3.5.tar.gz

c07dcabfb6d001a5cacee71a2a7fc1cf

http://ftp.otrs.org/pub/otrs/otrs-2.3.5.tar.bz2

d90a164e4fd4453a4240730fe964514d

http://ftp.otrs.org/pub/otrs/otrs-2.3.5.zip

5c2c5e84cf41d556868387c33e56f508

http://ftp.otrs.org/pub/otrs/otrs-2.3.5-win-installer-2.1.1.exe

DOWNLOAD FIXED RELEASES:
========================

http://otrs.org/releases/

YOUR CONTRIBUTION:

===================

* Please send information regarding vulnerabilities in OTRS to

security@otrs.org.

* We kindly ask for your assistance to update the translation

files! The current status can be found here:

http://users.otrs.com/~me/i18n/

FEEDBACK & BUG REPORTING:

=========================

Although OTRS 2.3.5 has been tested before, we appreciate

your contributions. As always, you�re encouraged to tell

us what you think, using this feedback e-Mail: [enjoy at otrs.com]

or by filing a bug in Bugzilla [http://bugs.otrs.org].

MEET US:

========

CU@ PINK - 14th. IT Service Management Conference in Las Vegas (USA)

and get to know more about OTRS at booth no. 517b from Feb 21-24, 2010!

CU@ CeBIT 2010 in Hannover (Germany) and get to know more
about OTRS at booth no. C37, in hall 2 from March 2.-6., 2010!

--

((enjoy))

Hauke Jan B�ttcher
Director Sales & Marketing

OTRS AG
Norsk-Data-Stra�e 1
61352 Bad Homburg
Germany

T: +49 (0) 6172 681988 0
F: +49 (0) 9421 56818 18
I: http://www.otrs.com/

Business Location: Bad Homburg
Country Court: Bad Homburg, HRB 10751
VAT ID: DE256610065
Chairman: Burchard Steinbild
Managing Board: Andr� Mindermann (CEO)