[Bug 224729] www/otrs: Update to 5.0.26 (security)
bugzilla-noreply at freebsd.org
Sat Dec 30 14:19:17 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224729
Bug ID: 224729
Summary: www/otrs: Update to 5.0.26 (security)
Product: Ports & Packages
Version: Latest
Hardware: Any
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: freebsd-ports-bugs at FreeBSD.org
Reporter: vidar at karlsen.tech
CC: m.tsatsenko at gmail.com
Flags: maintainer-feedback?(m.tsatsenko at gmail.com)
Created attachment 189220
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189220&action=edit
Proposed patch
OTRS 5.0.23 is vulnerable, as described in CVE-2017-16921:
https://www.otrs.com/security-advisory-2017-09-security-update-otrs-framework/
https://nvd.nist.gov/vuln/detail/CVE-2017-16921
Privilege Escalation: An attacker who is logged into OTRS as an agent can
manipulate form parameters and execute arbitrary shell commands with the
permissions of the OTRS or web server user.
The attached patch will update to 5.0.26.
portlint -C: looks fine
poudriere testport ok on:
10.3-RELEASE amd64
10.3-RELEASE i386
10.4-RELEASE amd64
10.4-RELEASE i386
11.1-RELEASE amd64
11.1-RELEASE i386
--
You are receiving this mail because:
You are the assignee for the bug.