[SECURITY] [DLA 1774-1] otrs2 security update

ID DEBIAN:DLA-1774-1:36281
Type debian
Reporter Debian
Modified 2019-05-03T11:43:09


Package : otrs2 Version : 3.3.18-1+deb8u9 CVE ID : CVE-2019-9892

A flaw was discovered in OTRS, the Open Ticket Request System. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbitrary files of OTRS filesystem.

For Debian 8 "Jessie", this problem has been fixed in version 3.3.18-1+deb8u9.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS