openSUSE Security Update : otrs (openSUSE-SU-2012:1214-1)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

- fix a XSS vulnerability: bnc#778655 (CVE-2012-4600)

- update to 2.4.14 (openSUSE 11.4) (fix for OSA-2012-02,
http://otrs.org/advisory/)

- Improved HTML security filter to detect tag nesting.

- update to 3.0.16 (openSUSE 12.1) (fix for OSA-2012-02,
http://otrs.org/advisory/)

- Improved HTML security filter to detect tag nesting.

- Bug#8611 - Ticket count is wrong in QueueView.

- update to 3.1.10 (openSUSE 12.2) (fix for OSA-2012-02,
http://otrs.org/advisory/)

- Improved HTML security filter to detect tag nesting.

- Bug#8611 - Ticket count is wrong in QueueView.

- Bug#8698 - Layout.pm only looks at first entry from
HTTP_ACCEPT_LANGUAGE to determine language.

- Bug#8731 - LDAP group check returns wrong error.

See also :

http://lists.opensuse.org/opensuse-updates/2012-09/msg00079.html
http://otrs.org/advisory/
https://bugzilla.novell.com/show_bug.cgi?id=778655

Solution :

Update the affected otrs packages.

Risk factor :

Low / CVSS Base Score : 2.6
(CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N)

Family: SuSE Local Security Checks

Nessus Plugin ID: 74760 ()

Bugtraq ID:

CVE ID: CVE-2012-4600

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now