-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3876-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff June 09, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : otrs2 CVE ID : CVE-2017-9324 Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges. For the stable distribution (jessie), this problem has been fixed in version 3.3.9-3+deb8u1. For the upcoming stable distribution (stretch), this problem will be fixed soon. For the unstable distribution (sid), this problem has been fixed in version 5.0.20-1. We recommend that you upgrade your otrs2 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAlk67mEACgkQEMKTtsN8 TjbMrA//eS8BVJdg4V+S5FhD/vthgkrAM6Ms/kMmypE4KOFkOWn5ozK2cLntmnND GfPdOISKJwakVnECYBTIbDYoIwkyZPFxc2ETLAY/HiHpXndF8ZyK9vKX51BHmhlz xtt6EO4uu1c1e3RPtmHh/TUMPka3+YMx3CKbXiZf+daYobHs+8Y+tx3X7OXCWnZF ntBJp81rvSJJZnR7EchlX+pYtPEGA8sXxYvgWcoo6nb+4WurrUd/P6dvkEi5afi/ hYjawb8HZ6PM31qAJMLtmQ2kpoLtjZGxSEy7hqsT4LN7ZKhqFUcit1VkzEVZ0MiW S0/9L5YA/TV5Uvbp5GlVjkcJOFtxn5bndeR2jPQ0fTSe4L7EGMWEKKMdkbSwpx3h H5NmpKVYuteHvaOX/QPjTZWTy42edZiunQfhV7z9zG8DYckVFkPmNyAxwVnLq9OE JBKcOz49s9Doos/KvLFf28OOUK2L6oLApGcZqKQYaCJwP6vZfiQHLiDUP/IUv1Xa vnFXATxtf3qBH/GAmNP9YdQC6NTg07ARtrP4+tFIjckw4QBMy5SRsAZdG1CMi8Pl J2ioglMlviJP9/SCkwcuLbA7aWZYbag4JvPp6OfuOlqhbPPvwCbEsAZASghtiNZx TEWHp5GyMtUsnzusdi4guOIrmg+GVb93LrrtvITpnKZDlBBDomo= =LebT -----END PGP SIGNATURE-----