Dear Community Members, ++++++++++ OTRS Security Advisory 2010-01 OTRS 2.2.9 ++++++++++ Release: OTRS 2.2.9 Status: stable Code Name: Ipanema SECURITY FIXES: =============== --------------------------------------------------------------- OTRS Security Advisory 2010-01 --------------------------------------------------------------- ID: OSA-2010-01 Date: 2010-02-08 Title: Vulnerability in OTRS-Core allows SQL-Injection Severity: Critical Product: OTRS 2.4.x, OTRS 2.3.x, OTRS 2.2.x, OTRS 2.1.x Fixed in: OTRS 2.4.7, OTRS 2.3.5, OTRS 2.2.9, OTRS 2.1.9 URL: http://otrs.org/advisory/OSA-2010-01-en/ CVE: CVE-2010-0438 --------------------------------------------------------------- To read the entire Security Advisory please follow this link: ENGLISH VERSION: http://otrs.org/advisory/OSA-2010-01-en/ GERMAN VERSION: http://otrs.org/advisory/OSA-2010-01-de/ MD5 CHECKSUMS: ============== be262a6005c315f036703f8505846212 http://ftp.otrs.org/pub/otrs/RPMS/suse/7.3/otrs-2.2.9-01.noarch.rpm 14b801622514951698dea9320145c1b1 http://ftp.otrs.org/pub/otrs/RPMS/suse/8.x/otrs-2.2.9-01.noarch.rpm 11d6086f7356933e1104e039c7d25418 http://ftp.otrs.org/pub/otrs/RPMS/suse/9.0/otrs-2.2.9-01.noarch.rpm b68be271262800112536c8e7df50fe06 http://ftp.otrs.org/pub/otrs/RPMS/suse/9.1/otrs-2.2.9-01.noarch.rpm 937fa0f653c424b03a4036be86d7936a http://ftp.otrs.org/pub/otrs/RPMS/suse/10.0/otrs-2.2.9-01.noarch.rpm 0b6620074ce3907b956adecf795e7367 http://ftp.otrs.org/pub/otrs/RPMS/redhat/7.x/otrs-2.2.9-01.noarch.rpm dc6aef34ad102b088879330696ea5be6 http://ftp.otrs.org/pub/otrs/RPMS/redhat/8.0/otrs-2.2.9-01.noarch.rpm ca118c6fa218b23736745b09a4ff76b5 http://ftp.otrs.org/pub/otrs/RPMS/fedora/4/otrs-2.2.9-01.noarch.rpm 9ae3e3531e88667185ef154c2e7b0044 http://ftp.otrs.org/pub/otrs/otrs-2.2.9.tar.gz 9d5bcbf90a08878589b41dd70ab44258 http://ftp.otrs.org/pub/otrs/otrs-2.2.9.tar.bz2 99849327935ae309e39dbc41cce2ea21 http://ftp.otrs.org/pub/otrs/otrs-2.2.9.zip 5c2c5e84cf41d556868387c33e56f508 http://ftp.otrs.org/pub/otrs/otrs-2.2.9-win-installer-2.1.1.exe DOWNLOAD FIXED RELEASES: ======================== http://otrs.org/releases/ YOUR CONTRIBUTION: =================== * Please send information regarding vulnerabilities in OTRS to security@otrs.org. * We kindly ask for your assistance to update the translation files! The current status can be found here: http://users.otrs.com/~me/i18n/ FEEDBACK & BUG REPORTING: ========================= Although OTRS 2.2.9 has been tested before, we appreciate your contributions. As always, you’re encouraged to tell us what you think, using this feedback e-Mail: [enjoy at otrs.com] or by filing a bug in Bugzilla [http://bugs.otrs.org]. MEET US: ======== CU@ PINK - 14th. IT Service Management Conference in Las Vegas (USA) and get to know more about OTRS at booth no. 517b from Feb 21-24, 2010! CU@ CeBIT 2010 in Hannover (Germany) and get to know more about OTRS at booth no. C37, in hall 2 from March 2.-6., 2010! -- ((enjoy)) Hauke Jan Böttcher Director Sales & Marketing OTRS AG Norsk-Data-Straße 1 61352 Bad Homburg Germany T: +49 (0) 6172 681988 0 F: +49 (0) 9421 56818 18 I: http://www.otrs.com/ Business Location: Bad Homburg Country Court: Bad Homburg, HRB 10751 VAT ID: DE256610065 Chairman: Burchard Steinbild Managing Board: André Mindermann (CEO)