Security update for otrs (important)

2017-11-23T18:09:38
ID OPENSUSE-SU-2017:3054-1
Type suse
Reporter Suse
Modified 2017-11-23T18:09:38

Description

This update for otrs fixes the following security issues:

  • CVE-2017-15864: Remote authenticated attackers could have caused otrs to disclose configuration information, including database credentials (boo#1068677, OSA-2017-06)
  • CVE-2017-16664: Remote authenticated attackers could have caused the execution of shell commands with the permission of the web server user (boo#1069391, OSA-2017-07)