Summary: | =net-analyzer/zabbix-3.4.4 version bump | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Opportunist <axiator> |
Component: | Current packages | Assignee: | Gentoo Security <security> |
Status: | RESOLVED OBSOLETE | ||
Severity: | normal | CC: | alicef, patrick, security |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | ~2 [noglsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Opportunist
2017-11-10 07:11:28 UTC
Bumped. [DEV-593] fixed multiple security issues; this might require stabling new versions. CCing security@, thank you!

Vulnerability Details: CVE-2017-2824
An exploitable code execution vulnerability exists in the trapper command functionality of Zabbix Server 2.4.X. A specially crafted set of packets can cause a command injection resulting in remote code execution. An attacker can make requests from an active Zabbix Proxy to trigger this vulnerability.
Publish Date: 2017-05-24
Last Update Date: 2017-11-05

Vulnerability Details: CVE-2016-10134
SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.
Publish Date: 2017-02-16
Last Update Date: 2017-11-03

@Maintainers I'm adding two CVEs to the list, but those are not affecting Gentoo. If you find any that affects a current stable version, please let us know. Thank you