Nom du paquet
otrs
Date
2013-08-13
Advisory ID
MDVSA-2013:212
Affected versions
MBS1 x86_64

Problem description

Updated otrs package fixes security vulnerability:

It was discovered that otrs2, the Open Ticket Request System, does not
properly sanitise user-supplied data that is used on SQL queries. An
attacker with a valid agent login could exploit this issue to craft
SQL queries by injecting arbitrary SQL code through manipulated URLs
(CVE-2013-4717).

Updated packages

MBS1 x86_64

 9e64ba87e3509ea24ffd9d0ce0be0749  mbs1/x86_64/otrs-3.2.9-1.mbs1.noarch.rpm 
 aab8cc5077cec0a35979acf87086dd62  mbs1/SRPMS/otrs-3.2.9-1.mbs1.src.rpm

References