-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:043
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : otrs
Date : February 10, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:
Updated otrs package fixes security vulnerability:
An attacker with valid OTRS credentials could access and manipulate
ticket data of other users via the GenericInterface, if a ticket
webservice is configured and not additionally secured (CVE-2014-9324).
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9324
http://advisories.mageia.org/MGASA-2015-0031.html
_______________________________________________________________________