Package        : otrs2
Version        : 3.3.18-1~deb7u3
CVE ID         : CVE-2017-17476
Debian Bug     : 884801

Francesco Sirocco discovered a flaw in otrs2, the Open Ticket Request System, which could result in session information disclosure when cookie support is disabled. A remote attacker can take advantage of this flaw to take over an agent's session if the agent is tricked into clicking a link in a specially crafted mail.

For Debian 7 "Wheezy", these problems have been fixed in version 3.3.18-1~deb7u3.

We recommend that you upgrade your otrs2 packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
