Debian Long Term Support / LTS Security Information / 2019 / Security Information -- DLA-1774-1 otrs2

Debian Security Advisory

DLA-1774-1 otrs2 -- LTS security update

Date Reported:

03 May 2019

Affected Packages:

otrs2

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2019-9892.

More information:

A flaw was discovered in OTRS, the Open Ticket Request System. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem.

For Debian 8 Jessie, this problem has been fixed in version 3.3.18-1+deb8u9.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS