[SECURITY] [DLA 1774-1] otrs2 security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1774-1] otrs2 security update
From: Markus Koschany <apo@debian.org>
Date: Fri, 3 May 2019 13:42:54 +0200
Message-id: <[🔎] 5140951f-057a-79f7-18ae-48d52a7e2424@debian.org>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : otrs2
Version        : 3.3.18-1+deb8u9
CVE ID         : CVE-2019-9892

A flaw was discovered in OTRS, the Open Ticket Request System. An
attacker who is logged into OTRS as an agent user with appropriate
permissions may try to import carefully crafted Report Statistics XML
that will result in reading of arbitrary files of OTRS filesystem.

For Debian 8 "Jessie", this problem has been fixed in version
3.3.18-1+deb8u9.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlzMKT5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeRthg//Z6J5AcPUNBLf2uP74hN+rbI7C/O+rbrRPGUMBZ9nzWrFMVeapZUmeYIZ
6XTd4foP2DShfxZrF4WrtPsu0la5iOmke6FL9kTeO8743PDrgSKOL2tJRy/Q+fNu
jjraS/J4778hoICjqUogCNT5dYrLDslOHBXPP49FglrSlEHkM2v23JpKwVyJs1F1
w6B/rxCcXJ6T3FTwtjBEiDoelc65uQjeg97toDfMvdoRQVyyyvnUcCXzvHdLXGlI
tdGQIuHG2iv1QxJHq39Vt2yIM+X4zDRQrB3vO4GMOcfkstv32ZUqFadlGRzTSkTG
YQ/I5FWu8tlC8LOMn/EhvB3QedMXzHZVMmgYFUgYr1zrBUWXnrrzcZ4rTxOnygOj
I4j4vBF61QTdHbrIO7Q1BcXqH178+NkoeiHe7yR9m+wdm0h7IShai5EC+f3CBpOC
Vfoc1N2133QNbd8QBKXdMEP0xryQN783UIaQ9hWxgiLnywcLwnOT2y6VuaH3tmII
WXTa54SZaNCfAU5G6iVwC8ACGvul4EPOUjijvx6qnjwovPPOTUEyszFZx6CZ3Siz
H/rsqGP9AjVMYfL2O6KAA9N+fuJDBwVbNP+3wmapa2qj/oTEyiczq1LGvmJUfrhW
K47NMFudWOICHDDFkfc8tF16su/qETDXCWxxBoRgrs1vGYacUkU=
=Lvpt
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 1771-1] linux-4.9 security update
Next by Date: [SECURITY] [DLA 1775-1] phpbb3 security update
Previous by thread: [SECURITY] [DLA 1771-1] linux-4.9 security update
Next by thread: [SECURITY] [DLA 1775-1] phpbb3 security update
Index(es):
- Date
- Thread