GSA-6324-1: Request Tracker 5 Security Update
Gnoppix Security has released a critical security update for Request Tracker 5 (RT 5). Multiple vulnerabilities allow remote attackers to execute arbitrary code or cause a denial of service. Users must upgrade immediately.
Vulnerabilities Addressed
The update fixes flaws in input sanitization and session handling. Attackers could exploit these to inject malicious content or hijack active user sessions.
Critical warning: Systems running unpatched RT 5 are exposed to remote code execution. No workaround exists.
Affected Systems
- Gnoppix 23/25 (stable) and Gnoppix 25 (testing) are vulnerable.
- All installations of request-tracker5 packages below version 5.1.0-1+deb12uX are affected.
Action Required
- Upgrade packages immediately to request-tracker5 version 5.1.0-1+deb12uX or later.
- Restart services after update to apply fixes.
- Verify integrity using the provided checksums from the advisory.
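An added example (not part of the advisory or of Gnoppix tooling) for deciding which hosts are "below" the fixed request-tracker5 version: it implements the Debian version ordering described in deb-version(7) and applies it to an inventory. The advisory elides the fixed revision ("uX"), so EXAMPLE_FIXED, the host names and the installed versions are constructed values; substitute the real version string when one is published.

```python
import re

def _order(c):
    # deb-version(7): '~' sorts first (even before end of string),
    # then end of string, then letters, then other punctuation.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _nondigit(s, k):
    # Character at s[k] if it exists and is not a digit, else "".
    return s[k] if k < len(s) and s[k] not in "0123456789" else ""

def _cmp_part(a, b):
    i = j = 0
    while i < len(a) or j < len(b):
        while _nondigit(a, i) or _nondigit(b, j):
            oa, ob = _order(_nondigit(a, i)), _order(_nondigit(b, j))
            if oa != ob:
                return -1 if oa < ob else 1
            i, j = i + 1, j + 1
        da = re.match(r"[0-9]*", a[i:]).group()
        db = re.match(r"[0-9]*", b[j:]).group()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
        i, j = i + len(da), j + len(db)
    return 0

def compare(a, b):
    # Returns -1, 0 or 1. Order of precedence: epoch, upstream, revision.
    parts = []
    for v in (a, b):
        epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
        upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
        parts.append((int(epoch), upstream, revision))
    (ea, ua, ra), (eb, ub, rb) = parts
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def affected_hosts(inventory, fixed):
    # Hosts whose installed version sorts strictly below the fixed one.
    return sorted(h for h, v in inventory.items() if compare(v, fixed) < 0)

EXAMPLE_FIXED = "5.1.0-1+deb12u1"  # constructed stand-in for "5.1.0-1+deb12uX"
INVENTORY = {  # constructed host -> installed request-tracker5 version
    "rt-a": "5.0.5+dfsg-2", "rt-b": "5.1.0-1", "rt-c": "5.1.0~rc1-1",
    "rt-d": "5.1.0-1+deb12u1", "rt-e": "5.1.0-1+deb12u2"}
```

A plain string comparison would misorder cases such as 5.0.10 against 5.0.9 or a ~rc pre-release against the final release, which is why the inventory check uses the packaging order.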
Background
Request Tracker is a widely used ticketing system. These vulnerabilities were discovered internally and through coordinated disclosure. Gnoppix Security thanks the researchers for their responsible reporting. Please update your systems.