Bug 1157524 (CVE-2019-18180) - VUL-1: CVE-2019-18180: otrs: endless loop by providing filenames with overly long extensions
Status: RESOLVED DUPLICATE of bug 1157001
Alias: CVE-2019-18180
Product: openSUSE Distribution
Classification: openSUSE
Component: Basesystem
Version: Leap 42.3
Hardware: Other Other
Importance: P4 - Low : Minor
Target Milestone: ---
Assignee: Christian Wittmer
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/247712/
Reported: 2019-11-22 08:17 UTC by Alexander Bergmann
Modified: 2019-12-28 18:27 UTC

Found By: Security Response Team


Description Alexander Bergmann 2019-11-22 08:17:28 UTC
CVE-2019-18180

OTRS can be put into an endless loop by providing filenames with overly long
extensions. This applies to the PostMaster (sending in email) and also upload
(attaching files to mails, for example).

Upstream fixes:
https://github.com/OTRS/otrs/commit/799616eb43f7fb53cae4e04c81e2156baaf02e2b 6.x
https://github.com/OTRS/otrs/commit/76b301f4e3f45cb23bb6a3d6907028c733d11145 5.x

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18180
http://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-18180.html
Comment 1 Christian Wittmer 2019-12-28 18:27:15 UTC
duplicate of #1157001

*** This bug has been marked as a duplicate of bug 1157001 ***