Nome do pacote
otrs
Data
2014-06-10
ID Alerta
MDVSA-2014:111
Versões afetadas
MBS1 x86_64

Descrição do problema

Updated otrs package fixes security vulnerabilities:

A logged in attacker could insert special content in dynamic fields,
leading to JavaScript code being executed in OTRS (CVE-2014-2553).

An attacker could embed OTRS in a hidden iframe tag of another page,
tricking the user into clicking links in OTRS (CVE-2014-2554).

Pacotes atualizados

MBS1 x86_64

 705047cc0c626211bcc60881d3af1469  mbs1/x86_64/otrs-3.2.16-1.mbs1.noarch.rpm 
 a5c3626c92a00103fe916aff0690d791  mbs1/SRPMS/otrs-3.2.16-1.mbs1.src.rpm

Referências