openSUSE Security Update: Security update for otrs ______________________________________________________________________________ Announcement ID: openSUSE-SU-2016:2844-1 Rating: moderate References: #1008017 Cross-References: CVE-2016-9139 Affected Products: openSUSE Leap 42.2 openSUSE 13.2 ______________________________________________________________________________ An update that fixes one vulnerability is now available. Description: This update for otrs fixes the following security issues: - CVE-2016-9139: execution of JavaScript in OTRS context by opening malicious attachment (OSA-2016-02, bsc#1008017) In addition, OTRS was updated to 3.3.16, containing all upstream improvements and bug fixes. Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE Leap 42.2: zypper in -t patch openSUSE-2016-1316=1 - openSUSE 13.2: zypper in -t patch openSUSE-2016-1316=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE Leap 42.2 (noarch): otrs-3.3.16-3.1 otrs-doc-3.3.16-3.1 otrs-itsm-3.3.14-3.1 - openSUSE 13.2 (noarch): otrs-3.3.16-7.1 otrs-doc-3.3.16-7.1 otrs-itsm-3.3.14-7.1 References: https://www.suse.com/security/cve/CVE-2016-9139.html https://bugzilla.suse.com/1008017