Mageia alert MGASA-2014-0015 (zabbix)

From:
    	     
 
Mageia Updates <buildsystem-daemon@mageia.org> 
To:
    	     
 
updates-announce@ml.mageia.org 
Subject:
    	     
 
[updates-announce] MGASA-2014-0015: Updated zabbix packages fix two security vulnerabilities 
Date:
    	     
 
Tue, 21 Jan 2014 17:06:42 +0100
Message-ID:
    	     
 
<20140121160642.C91BD53E18@valstar.mageia.org>
MGASA-2014-0015 - Updated zabbix packages fix two security vulnerabilities

Publication date: 21 Jan 2014
URL: http://advisories.mageia.org/MGASA-2014-0015.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-6824,
     CVE-2013-5743

Description:
Updated zabbix packages fixes security vulnerability:

This update multiples vulnerabilities.

- Fix vulnerability for remote command execution injection
  (ZBX-7479, CVE-2013-6824)
- Fix SQL injection vulnerability (ZBX-7091, CVE-2013-5743)
- Fix XSS issues (ZBX-6952)

References:
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5743
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6824
- https://support.zabbix.com/browse/ZBX-7479
- https://support.zabbix.com/browse/ZBX-7091
- https://support.zabbix.com/browse/ZBX-6952
- http://www.zabbix.com/rn2.0.9.php
- http://www.zabbix.com/rn2.0.10.php
- https://lists.fedoraproject.org/pipermail/package-announc...
- https://bugs.mageia.org/show_bug.cgi?id=11868
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6824
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5743

SRPMS:
- 3/core/zabbix-2.0.10-1.mga3