Security update for otrs SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:2844-1 Final 1 1 2016-11-17T15:25:36Z current 2016-11-17T15:25:36Z 2016-11-17T15:25:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for otrs This update for otrs fixes the following security issues: - CVE-2016-9139: execution of JavaScript in OTRS context by opening malicious attachment (OSA-2016-02, bsc#1008017) In addition, OTRS was updated to 3.3.16, containing all upstream improvements and bug fixes. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-11/msg00075.html E-Mail link for openSUSE-SU-2016:2844-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 otrs-3.3.16-3.1 otrs-doc-3.3.16-3.1 otrs-itsm-3.3.14-3.1 otrs-3.3.16-3.1 as a component of openSUSE Leap 42.2 otrs-doc-3.3.16-3.1 as a component of openSUSE Leap 42.2 otrs-itsm-3.3.14-3.1 as a component of openSUSE Leap 42.2 Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. CVE-2016-9139 openSUSE Leap 42.2:otrs-3.3.16-3.1 openSUSE Leap 42.2:otrs-doc-3.3.16-3.1 openSUSE Leap 42.2:otrs-itsm-3.3.14-3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-11/msg00075.html https://www.suse.com/security/cve/CVE-2016-9139.html CVE-2016-9139 https://bugzilla.suse.com/1008017 SUSE Bug 1008017