1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 2733-1] otrs2 security update

    From Salvatore Bonaccorso@1:229/2 to All on Fri Aug 2 22:30:02 2013
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-2733-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso August 02, 2013 http://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : otrs2
    Vulnerability : SQL injection
    Problem type : remote
    Debian-specific: no
    CVE ID : CVE-2013-4717

    It was discovered that otrs2, the Open Ticket Request System, does not
    properly sanitise user-supplied data that is used on SQL queries. An
    attacker with a valid agent login could exploit this issue to craft SQL
    queries by injecting arbitrary SQL code through manipulated URLs.

    For the oldstable distribution (squeeze), this problem has been fixed in version 2.4.9+dfsg1-3+squeeze4. This update also provides fixes for CVE-2012-4751, CVE-2013-2625 and CVE-2013-4088, which were all fixed for
    stable already.

    For the stable distribution (wheezy), this problem has been fixed in
    version 3.1.7+dfsg1-8+deb7u3.

    For the testing distribution (jessie), this problem has been fixed in
    version 3.2.9-1.

    For the unstable distribution (sid), this problem has been fixed in
    version 3.2.9-1.

    We recommend that you upgrade your otrs2 packages.

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: http://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.4.14 (GNU/Linux)

    iQIcBAEBCgAGBQJR/BD2AAoJEHidbwV/2GP+eHIQAMDZ7Q/0lFFurEfNoa+0uS5e kW4lOIggjajvhnmZ95zlOQEBlHz/yXUwGoVnX8CvYyjXz0bqrPQc6QWOk5y0Wm1q ETKQIOeUXXFpDL7ZLiXvoWpy8RgQskhCiqmraVBsGKKLeZRnTT9yz31sTtWJ5RjK umkN1a4mPIFtJboPJRq/JCw9sDU1Fldn/XGcqFQel/u1z5w11ef1Dfo7o6crvEJa 6PwxKIQNaDxapZxlPaAoFycRlQ96DJ1et1bVg7c9AwqFyhgbubihKAlJ8WFZMk9F 8+N+kuZB/HE/pp1PVpyWBm7mUelBzBaGFnpohAZpSE6Yc/sPLrFt/E7PJ6XpAw1K HCSKQw64twUK5hBxvrG/soyFrHxieVo2NtGLLPOsxQWH/Dud6BgFK3BH4QCImo9m dul0OEui6cxt2edCyoLhAMcnq4kLcY9wKYrZMvwQrCJEKBlR5AzgELBwzm2wm6JP 2uOBK8g+Spy9oT3eBgxUHIztsrN7nDUIbfdgUpjpd9U4ywbVfOBfBtlAEF377rAh qR8muzXnGlrrssZE1ALgdHn6hXCYkFPnQPPraQ5olbwDWTZIkGi4257KTxvB5mry TAXwd1JDIhwSZ+J5QEp2VgxhAO0HAEk0keUOhyf4z3b8DJJDxN/frB0BmijohwSL aSH+yPNXIEwyNDeoHOJ2
    =binX
    -----END PGP SIGNATURE-----


    --
    To UNSUBSCRIBE, email to [email protected]
    with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: http://lists.debian.org/[email protected]

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)