-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4021-1 security@xxxxxxxxxx https://www.debian.org/security/ Moritz Muehlenhoff November 07, 2017 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : otrs2 CVE ID : CVE-2017-14635 It was discovered that missing input validation in the Open Ticket Request System could result in privilege escalation by an agent with write permissions for statistics. For the oldstable distribution (jessie), this problem has been fixed in version 3.3.18-1+deb8u1. For the stable distribution (stretch), this problem has been fixed in version 5.0.16-1+deb9u2. We recommend that you upgrade your otrs2 packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAloCHIsACgkQEMKTtsN8 TjbYwQ/8Cyqy21hL/FxEEONP4rnnv4XtqN/Y9Ia/eEhw9HPVVlj2xo7voUHvczpb tk0Q8VJxSKaLX2RNS3tXUekmjtTwg1p/lABPJdiaW0NSlNig2374pBiXEKWf1XU3 yV1YGIcF+LtSNasMkDaQBFLTJDWvDcV3PK6jY1Gkgey+dcCG+E3+VRMq2ria8v8X hxi6eLKmGkO04qxjTABHEQYora663bOS9ifsnlKswhJqqMDAAn7tWJzYQhGq49TJ q9Hxn4+gHyLos11DoEx9iUeEQ3NPAf6egGrIxFf/LiHy7pt+M00jp3Qel0Djse4o XnqM0tWniSG410mrlXHryKf0MpjxEnusNJMOyBmbG/n6WvQtl2gANrdYoG8sXPvf 3DtnTZ4+ZT61w8lEidTEfxsObc80k5xpZVFFIjV3MuQU/dMRlXG7DEhqOnJttpNT iRGLIRc8BioaENts1vxPtoaV2F2tMLke7tsV6g+112spZbhE9ijzLXPxSRGorVSj Yb49QPsab8AdlBUNvDAHzp0WVFcpCzFwvtVXChM3K5su1g9FY0p7UfTfQD358d6Q 2nT4gQQ5OpIwQf6sKFxWpF+Dp9jKuXP8/cJQM8MU+9r3flSQ+qg62yFSi6IlNWHc dtThX9MUc5jUwKxsQDGGHmLnDU3ayo2j1ZIlKKWiD4V2H2WtEoY= =2fwj -----END PGP SIGNATURE-----