
[SECURITY] [DLA 1521-1] otrs2 security update



Package        : otrs2
Version        : 3.3.18-1+deb8u6
CVE ID         : CVE-2018-16586 CVE-2018-16587


Fabien Arnoux discovered several security issues in the email
validation of the OTRS system.

CVE-2018-16586

    External image or CSS resources are loaded in the browser when a
    user opens a malicious email.

CVE-2018-16587

    Remote deletion of arbitrary files to which the OTRS web server
    user has write access, when a malicious email is opened.

For Debian 8 "Jessie", these problems have been fixed in version
3.3.18-1+deb8u6.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS