30. 09. 2015 MarinovMihail Service Management

EriZone Security Advisory

Two new packages have been published to overcome the following two vulnerabilities of the OTRS framework on which EriZone is based:

Security Advisory 2015-02: Scheduler Process ID File Access

Security Advisory 2015-01: Vulnerability in OTRS iPhoneHandle interface allows user with valid session privilege escalation

The packages have been published for the EriZone releases 3.1, 3.2 and 3.3

Please install the package EriZonePatches. If you have already installed the iPhoneHandle package, please update it to the new 1.3.3 version.

You can do that through the Agent web interface in the System Administration area.

Follow the sequence:

  1. Update the Package Manager repository information
  2. Install the EriZonePatches package
  3. Update the iPhoneHandle package (if it has been already installed)
  4. Execute the following actions from the command line:
  •             /opt/otrs/scripts/EriZone/erizone.global_makelink
  •             /opt/otrs/scripts/EriZone/Permissions.sh
  •             /opt/otrs/scripts/EriZone/RestartEriZone.sh

ErizoneSecurityadvisory

Contact our support team if you do not feel comfortable on any operation net.support@wuerth-phoenix.com or +39 0471 564101

MarinovMihail

MarinovMihail

Developer at Würth Phoenix
“Hi guys! I’m Mihail and since the university years I has been fascinated by distributed systems and measurements on them. Now when I join the Neteye project I get the possibility to continue with this passion and this is great. My free time is completely dedicated to my wife and my daughters, I simply love them.”

Author

MarinovMihail

“Hi guys! I’m Mihail and since the university years I has been fascinated by distributed systems and measurements on them. Now when I join the Neteye project I get the possibility to continue with this passion and this is great. My free time is completely dedicated to my wife and my daughters, I simply love them.”

Leave a Reply

Your email address will not be published. Required fields are marked *

Archive