
[SECURITY] [DLA 1215-1] otrs2 security update




Package        : otrs2
Version        : 3.3.18-1~deb7u3
CVE ID         : CVE-2017-17476
Debian Bug     : 884801

Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request
System, which could result in session information disclosure when cookie
support is disabled. A remote attacker can take advantage of this flaw
to take over an agent's session if the agent is tricked into clicking a
link in a specially crafted mail.

For Debian 7 "Wheezy", this problem has been fixed in version
3.3.18-1~deb7u3.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

