Debian Security Advisory
DSA-3876-1 otrs2 -- security update
- Date Reported:
- 09 Jun 2017
- Affected Packages:
- Security database references:
- In Mitre's CVE dictionary: CVE-2017-9324.
- More information:
Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.
For the stable distribution (jessie), this problem has been fixed in version 3.3.9-3+deb8u1.
For the upcoming stable distribution (stretch), this problem will be fixed soon.
For the unstable distribution (sid), this problem has been fixed in version 5.0.20-1.
We recommend that you upgrade your otrs2 packages.