You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa otrs2

Sigurnosni nedostatak programskog paketa otrs2

by ncert - 0

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

– ————————————————————————-
Debian Security Advisory DSA-4069-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
December 20, 2017 https://www.debian.org/security/faq
– ————————————————————————-

Package : otrs2
CVE ID : CVE-2017-17476
Debian Bug : 884801

Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request
System, which could result in session information disclosure when cookie
support is disabled. A remote attacker can take advantage of this flaw
to take over an agent’s session if the agent is tricked into clicking a
link in a specially crafted mail.

For the oldstable distribution (jessie), this problem has been fixed
in version 3.3.18-1+deb8u4.

For the stable distribution (stretch), this problem has been fixed in
version 5.0.16-1+deb9u5.

We recommend that you upgrade your otrs2 packages.

For the detailed security status of otrs2 please refer to its security
tracker page at: https://security-tracker.debian.org/tracker/otrs2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
—–BEGIN PGP SIGNATURE—–

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlo62lNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0S0vg//fsm9VLOCO9DdAXUABtdGFrocCxAVYO5+7ipf8iqnGFaKxhDWQ86ZBSqH
C0NPUaZ4wOwFU81KuMeLP4zCLaftS6nhy19jplbIF7b0xQ9mcFYzcjQdUB3sNgFC
toPF0Kqw1klYocvzg81w2ca9lsVKazUvCvmYARpotHsdF3iEXu7Z1+ukYOHffhst
CsWjewAg+sMspY8AyogQd8+hnzfBOcqGZNpOTpAO+KE48qligrfn0Sn15uuAgWxf
9jZS0EWAQzHc4jdteNOcdjBEprAvNJd/wF8PT/7LxZmkj0XIAZKxiMMeupKI2r3l
bHlA8uzGmXTCySFJii0koF13SYnAQxYDg/kxugAOzsR8VzGULuuVsAcPjTU5Bcku
JEnjS5MghWzxjzE9HrEkpQ4n+lB2vQS0kq4XkkIYwNVzm4GVsZquRO1IuWccE35u
RgXLEiYCj6YGmAMjUXlGGjaWXjes8GT0LrAswXpUWEiHEAINP4ZJqyP1u/hXMZZ4
cor0lpK61Dkbloab5XVPvVeW15BH6Ck6JkufhoOJlzrPLmvLFu1qJMziDPtVYlhm
XVBnBfkS1r0ohI+U34HexUK/4UrdrKHHR9pw+PiUCO9pzBnEkBxGyIvVYGGgzuAl
2TrUGZPVvS6a0cbM+CKMwvMS+uKXP5fl9YVoNf/sNX4frJesMqY=
=hbZD
—–END PGP SIGNATURE—–

ncert
Top
More in Preporuke
Sigurnosni nedostaci programske jezgre

Otkriveni su sigurnosni nedostaci programske jezgre za operacijski sustav Fedora. Otkriveni nedostaci potencijalnim napadačima omogućuju stjecanje privilegija, otkrivanje osjetljivih informacija,...

Close