OTRS plugs security hole, launches OtterHub
OTRS Inc has released versions 2.4.11 and 3.0.10 of OTRS (Open source Ticket Request System) – maintenance and security updates to the company's open source help desk system. The latest versions of the help desk solution address a moderate severity security vulnerability in the OTRS-Core that could allow an attacker gain read access to any file on the host system's filesystem, although the attacker would need administrator permissions to the OTRS application.
The information disclosure vulnerability is caused by an error in the Kernel/Modules/AdminPackageManager.pm script. Versions up to and including 2.4.10 and 3.0.9 are affected. Further details about the security updates, including download information, can be found in the 2.4.11 and 3.0.10 release notes. OTRS source code is licensed under the GNU Affero General Public License (AGPL).
Founded in February of this year, the OTRS Community Board has also announced the launch OtterHub, its new official site which features the Otter as its mascot. OtterHub has an events calendar, projects page, blog and links to other OTRS resources. OtterHub is available in English and German.
See also:
- OTRS Security Advisory 2011-03, security advisory from OTRS.
- OTRS 3.0 adds new Ajax-powered GUI, a report from The H.
(crve)