Advisories » MGASA-2014-0114

Updated otrs package fixes security vulnerability

Publication date: 02 Mar 2014
Modification date: 02 Mar 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-1695

Description

An attacker could send a specially prepared HTML email to OTRS. If he can
then trick an agent into following a special link to display this email,
JavaScript code would be executed (CVE-2014-1695).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=12910
• https://www.otrs.com/security-advisory-2014-03-xss-issue/
• http://www.otrs.com/release-notes-otrs-help-desk-3-2-15/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1695

SRPMS

4/core

• otrs-3.2.15-1.mga4

3/core

• otrs-3.2.15-1.mga3