Security update for otrs
This update for otrs fixes the following security issues:
- CVE-2017-15864: Remote authenticated attackers could have caused otrs to disclose configuration information, including database credentials (boo#1068677, OSA-2017-06)
- CVE-2017-16664: Remote authenticated attackers could have caused the execution of shell commands with the permission of the web server user (boo#1069391, OSA-2017-07)
-
Submitted by
Christian Wittmer (computersalat)
Fixed bugs
bnc#1069391
VUL-0: CVE-2017-16664: otrs: Code injection in Kernel/System/Spelling.pm for authenticated remote attackers
bnc#1068677
VUL-0: CVE-2017-15864: otrs: In the Agent Frontend a crafted URL allows to gain information like database user and password
