Security Information / 2017 / Security Information -- DSA-3876-1 otrs2

Debian Security Advisory

DSA-3876-1 otrs2 -- security update

Date Reported:

09 Jun 2017

Affected Packages:

otrs2

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-9324.

More information:

Joerg-Thomas Vogt discovered that the SecureMode was insufficiently validated in the OTRS ticket system, which could allow agents to escalate their privileges.

For the stable distribution (jessie), this problem has been fixed in version 3.3.9-3+deb8u1.

For the upcoming stable distribution (stretch), this problem will be fixed soon.

For the unstable distribution (sid), this problem has been fixed in version 5.0.20-1.

We recommend that you upgrade your otrs2 packages.