[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1816-1] otrs2 security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : otrs2
Version        : 3.3.18-1+deb8u10
CVE ID         : CVE-2019-12248 CVE-2019-12497

Two security vulnerabilities were discovered in the Open Ticket
Request System that could lead to information disclosure or privilege
escalation. New configuration options were added to resolve those
problems.

CVE-2019-12248

    An attacker could send a malicious email to an OTRS system. If a
    logged in agent user quotes it, the email could cause the browser to
    load external image resources.

CVE-2019-12497

    In the customer or external frontend, personal information of agents
    can be disclosed like Name and mail address in external notes.

For Debian 8 "Jessie", these problems have been fixed in version
3.3.18-1+deb8u10.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlz/3LdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeT6Dg/+NgSKrbk7ItxVzrtd8pFRvfqHgzAnIUM6HJHJAKDO41uxQaK+JNZAwmk/
9eVIXfgyCdSwx+c/dKoH+1wmAxz3FVD63QB/sVLFj1xJ+lnPvp52JAhPqkqLrMPY
t6/wmADRaAaM2bMqBmkyDzUiZEOEAQfToCnkGpV5M8FvW4K5zAJKsedjnTBaEk/p
hhK6s2Wu8bNO/p+HV9oCGMsGG0J2Q40HsXy6P21u2cwIdG8ofIjc/jKSejSNiI7+
l7FbncmGUVEbFOQJY/tLF5HErbLvsxCRU/y6avBCOifTrsrH3DxlVd7BOX1LKjer
5V4q+v/fPuTmmsha8Yy5RN3JCSTtD61V8vp5LDnfAl7JYaw3XPsGto6qUhaxn9mR
3K/1qv348J21urQTSY6G5Hpxrz5R60X9/Qfv/zRjJeMVsTSlcIhd0PUGGhFTFRZF
aQ9UUMTfffoEXVZIVzshOzB8fG/hWurL76p5FgtvMZTpyPPpir0VWRyThXoKc8Qd
Bgnm0YGeGqET194ZC/ZZuLNA8lk6ZgGdEg6wjKetp6JZoQ4QmtVj2APMvCmg2EA1
GSqDwJHvDd7DQSj3eDb7y/2MR6antFleDu2Y7R3x4ks1SGuSc4C6zY73WTNYYuvE
mgnmZY5P8T7774WdH4Ht0BjC3wN/HXM/kHTxeFBsm+BJjU5Tdzs=
=ZmIb
-----END PGP SIGNATURE-----


Reply to: