Advisories » MGASA-2015-0031

Updated otrs package fixes CVE-2014-9324

Publication date: 20 Jan 2015
Modification date: 20 Jan 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9324

Description

Updated otrs package fixes security vulnerability:

An attacker with valid OTRS credentials could access and manipulate ticket
data of other users via the GenericInterface, if a ticket webservice is
configured and not additionally secured (CVE-2014-9324).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=15024
• https://www.otrs.com/security-advisory-2014-06-incomplete-access-control/
• https://www.otrs.com/release-notes-otrs-help-desk-3-2-17/
• https://www.debian.org/security/2015/dsa-3124
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9324

SRPMS

4/core

• otrs-3.2.17-1.mga4