Mageia alert MGASA-2013-0104 (zoneminder) [LWN.net]


From:
    	       Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	       updates-announce@ml.mageia.org 
Subject:
    	       [updates-announce] MGASA-2013-0104: zoneminder-1.25.0-10.2.mga2
 (2/Core, Tainted) 
Date:
    	       Tue, 2 Apr 2013 22:11:40 +0200
Message-ID:
    	       <20130402201140.GA6503@valstar.mageia.org>
Archive-link:
    	       Article, Thread
              
MGASA-2013-0104
Date: 	April 2nd, 2013
Affected releases: 	2
Media: 	Core, Tainted


Description:
Updated zoneminder package fixes security vulnerability:

Zoneminder is prone to an arbitrary command execution vulnerability.
Remote (authenticated) attackers could execute arbitrary commands as the
web server user (CVE-2013-0232).


Updated Packages:
i586:
zoneminder-1.25.0-10.2.mga2.i586.rpm
zoneminder-debug-1.25.0-10.2.mga2.i586.rpm
zoneminder-1.25.0-10.2.mga2.tainted.i586.rpm
zoneminder-debug-1.25.0-10.2.mga2.tainted.i586.rpm

x86_64:
zoneminder-1.25.0-10.2.mga2.x86_64.rpm
zoneminder-debug-1.25.0-10.2.mga2.x86_64.rpm
zoneminder-1.25.0-10.2.mga2.tainted.x86_64.rpm
zoneminder-debug-1.25.0-10.2.mga2.tainted.x86_64.rpm

SRPMS:
zoneminder-1.25.0-10.2.mga2.src.rpm
zoneminder-1.25.0-10.2.mga2.tainted.src.rpm


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0232
http://www.zoneminder.com/forums/viewtopic.php?f=29&t...
http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Vide...
https://bugzilla.redhat.com/show_bug.cgi?id=904104
http://www.debian.org/security/2013/dsa-2640
https://bugs.mageia.org/show_bug.cgi?id=9402
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-...
(Log in to post comments)