Bug 1157001

Summary: VUL-0: otrs: Security Advisory 2019-15, Security Advisory 2019-14
Product: [Novell Products] SUSE Security Incidents
Reporter: Marcus Meissner <meissner>
Component: Incidents
Assignee: Christian Wittmer <chris>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Normal
Priority: P3 - Medium
CC: abergmann
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
Whiteboard:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description Marcus Meissner 2019-11-18 10:00:42 UTC
via otrs announce and chris

Subject: [announce] Security Advisory 2018-15, Security Advisory 2018-14
Date: Fri, 15 Nov 2019 09:48:00 +0100
From: Melanie Krüger <melanie.krueger@otrs.com>
Reply-To: Announcements about OTRS.org <announce@lists.otrs.org>
To: announce@otrs.org

+++++++++ Security Advisory 2019-15: Security Update for OTRS Framework +++++++++

Releases:            OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
Release date:        15-November-2019
Status:              Patch Level Release

SECURITY FIXES:
==============
------------------------------------------------------------------
OTRS Security Advisory 2019-15           <security at otrs.org>
------------------------------------------------------------------
ID:            OSA-2019-15
Date:          2019-11-15
Title:         Denial of service
Severity:      Medium
Product:       OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
Fixed in:      OTRS 7.0.13, OTRS 6.0.24, OTRS 5.0.39
References:    CVE-2019-18180

To read the entire Security Advisory please follow this link.

https://community.otrs.com/security-advisory-2019-15-security-update-for-otrs-framework/



+++++++++ Security Advisory 2019-14: Security Update for OTRS Framework +++++++++

Releases:            OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
Release date:        15-November-2019
Status:              Patch Level Release

SECURITY FIXES:
==============
------------------------------------------------------------------
OTRS Security Advisory 2019-14          <security at otrs.org>
------------------------------------------------------------------
ID:            OSA-2019-14
Date:          2019-11-15
Title:         Information Disclosure
Severity:      Low
Product:       OTRS 7.0.x, OTRS 6.0.x, OTRS 5.0.x
Fixed in:      OTRS 7.0.13, OTRS 6.0.24, OTRS 5.0.39
References:    CVE-2019-18179

To read the entire Security Advisory please follow this link.

https://community.otrs.com/security-advisory-2019-14-security-update-for-otrs-framework/
Comment 1 Christian Wittmer 2019-12-28 18:27:06 UTC
*** Bug 1157523 has been marked as a duplicate of this bug. ***
Comment 2 Christian Wittmer 2019-12-28 18:27:15 UTC
*** Bug 1157524 has been marked as a duplicate of this bug. ***
Comment 3 Christian Wittmer 2019-12-28 18:37:31 UTC
- update to 5.0.39
- update to 6.0.24
Comment 4 Swamp Workflow Management 2019-12-28 21:40:06 UTC
This is an autogenerated message for OBS integration:
This bug (1157001) was mentioned in
https://build.opensuse.org/request/show/759812 Factory / otrs
Comment 5 Christian Wittmer 2020-01-01 21:09:36 UTC
fixed
Comment 6 Swamp Workflow Management 2020-04-08 12:40:39 UTC
This is an autogenerated message for OBS integration:
This bug (1157001) was mentioned in
https://build.opensuse.org/request/show/792434 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
Comment 7 Swamp Workflow Management 2020-04-09 10:20:32 UTC
This is an autogenerated message for OBS integration:
This bug (1157001) was mentioned in
https://build.opensuse.org/request/show/792677 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
https://build.opensuse.org/request/show/792678 15.1+Backports:SLE-15+Backports:SLE-15-SP1 / otrs
Comment 8 Swamp Workflow Management 2020-04-22 12:40:34 UTC
This is an autogenerated message for OBS integration:
This bug (1157001) was mentioned in
https://build.opensuse.org/request/show/796277 15.1 / otrs
Comment 9 Swamp Workflow Management 2020-04-25 19:14:39 UTC
openSUSE-SU-2020:0551-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
Sources used:
openSUSE Leap 15.1 (src):    otrs-5.0.42-lp151.2.3.1
openSUSE Backports SLE-15-SP1 (src):    otrs-5.0.42-bp151.3.3.1
openSUSE Backports SLE-15 (src):    otrs-5.0.42-bp150.2.10.1
Comment 10 Swamp Workflow Management 2020-09-20 04:22:41 UTC
openSUSE-SU-2020:1475-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    otrs-6.0.29-lp152.2.3.4
openSUSE Leap 15.1 (src):    otrs-6.0.29-lp151.2.6.2
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.5.4
openSUSE Backports SLE-15-SP1 (src):    otrs-6.0.29-bp151.3.6.2
Comment 11 Swamp Workflow Management 2020-09-23 13:21:31 UTC
openSUSE-SU-2020:1509-1: An update that fixes 18 vulnerabilities is now available.

Category: security (moderate)
Bug References: 1122560,1137614,1137615,1139406,1141430,1141431,1141432,1156431,1157001,1160663,1168029,1168030,1168031,1168032
CVE References: CVE-2019-10067,CVE-2019-12248,CVE-2019-12497,CVE-2019-12746,CVE-2019-13457,CVE-2019-13458,CVE-2019-16375,CVE-2019-18179,CVE-2019-18180,CVE-2019-9752,CVE-2019-9892,CVE-2020-1765,CVE-2020-1766,CVE-2020-1769,CVE-2020-1770,CVE-2020-1771,CVE-2020-1772,CVE-2020-1773
JIRA References: 
Sources used:
openSUSE Backports SLE-15-SP2 (src):    otrs-6.0.29-bp152.2.8.1