
Debian alert DLA-1816-1 (otrs2)

From:  Markus Koschany <apo@debian.org>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 1816-1] otrs2 security update
Date:  Tue, 11 Jun 2019 18:54:15 +0200
Message-ID:  <22f81203-7e0c-1163-d3de-7d620556e23c@debian.org>

Package        : otrs2
Version        : 3.3.18-1+deb8u10
CVE ID         : CVE-2019-12248 CVE-2019-12497

Two security vulnerabilities were discovered in the Open Ticket Request System that could lead to information disclosure or privilege escalation. New configuration options were added to resolve those problems.

CVE-2019-12248

    An attacker could send a malicious email to an OTRS system. If a logged in agent user quotes it, the email could cause the browser to load external image resources.

CVE-2019-12497

    In the customer or external frontend, personal information of agents can be disclosed like Name and mail address in external notes.

For Debian 8 "Jessie", these problems have been fixed in version 3.3.18-1+deb8u10.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS




Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds