-----BEGIN PGP SIGNED MESSAGE-----

Debian Security Advisory DSA-4047-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
November 23, 2017                     https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : otrs2
CVE ID         : CVE-2017-15864 CVE-2017-16664

Two vulnerabilities were discovered in the Open Ticket Request System
which could result in disclosure of database credentials or the
execution of arbitrary shell commands by logged-in agents.

For the oldstable distribution (jessie), these problems have been fixed
in version 3.3.18-1+deb8u2.

For the stable distribution (stretch), these problems have been fixed in
version 5.0.16-1+deb9u3.

We recommend that you upgrade your otrs2 packages.

For the detailed security status of otrs2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/otrs2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

