From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
- ------------------------------------------------------------------------- Debian Security Advisory DSA-3876-1
[email protected] https://www.debian.org/security/ Moritz Muehlenhoff
June 09, 2017
https://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : otrs2
CVE ID : CVE-2017-9324
Joerg-Thomas Vogt discovered that the SecureMode was insufficiently
validated in the OTRS ticket system, which could allow agents to
escalate their privileges.
For the stable distribution (jessie), this problem has been fixed in
version 3.3.9-3+deb8u1.
For the upcoming stable distribution (stretch), this problem will be
fixed soon.
For the unstable distribution (sid), this problem has been fixed in
version 5.0.20-1.
We recommend that you upgrade your otrs2 packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at:
https://www.debian.org/security/
Mailing list:
[email protected]
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlk67mEACgkQEMKTtsN8 TjbMrA//eS8BVJdg4V+S5FhD/vthgkrAM6Ms/kMmypE4KOFkOWn5ozK2cLntmnND GfPdOISKJwakVnECYBTIbDYoIwkyZPFxc2ETLAY/HiHpXndF8ZyK9vKX51BHmhlz xtt6EO4uu1c1e3RPtmHh/TUMPka3+YMx3CKbXiZf+daYobHs+8Y+tx3X7OXCWnZF ntBJp81rvSJJZnR7EchlX+pYtPEGA8sXxYvgWcoo6nb+4WurrUd/P6dvkEi5afi/ hYjawb8HZ6PM31qAJMLtmQ2kpoLtjZGxSEy7hqsT4LN7ZKhqFUcit1VkzEVZ0MiW S0/9L5YA/TV5Uvbp5GlVjkcJOFtxn5bndeR2jPQ0fTSe4L7EGMWEKKMdkbSwpx3h H5NmpKVYuteHvaOX/QPjTZWTy42edZiunQfhV7z9zG8DYckVFkPmNyAxwVnLq9OE JBKcOz49s9Doos/KvLFf28OOUK2L6oLApGcZqKQYaCJwP6vZfiQHLiDUP/IUv1Xa vnFXATxtf3qBH/GAmNP9YdQC6NTg07ARtrP4+tFIjckw4QBMy5SRsAZdG1CMi8Pl J2ioglMlviJP9/SCkwcuLbA7aWZYbag4JvPp6OfuOlqhbPPvwCbEsAZASghtiNZx TEWHp5GyMtUsnzusdi4guOIrmg+GVb93LrrtvITpnKZDlBBDomo=
=LebT
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)