GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Mon Nov 25, 2013 6:26 pm Post subject: [ GLSA 201311-15 ] Zabbix: Multiple vulnerabilities |
 |
|
Gentoo Linux Security Advisory
Title: Zabbix: Multiple vulnerabilities (GLSA 201311-15)
Severity: normal
Exploitable: remote
Date: November 25, 2013
Bug(s): #312875, #394497, #428372, #452878, #486696
ID: 201311-15
Synopsis
Multiple vulnerabilities have been found in Zabbix, possibly
leading to SQL injection attacks, Denial of Service, or information
disclosure.
Background
Zabbix is software for monitoring applications, networks, and servers.
Affected Packages
Package: net-analyzer/zabbix
Vulnerable: < 2.0.9_rc1-r2
Unaffected: >= 2.0.9_rc1-r2
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Zabbix. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker may be able to execute arbitrary SQL statements, cause
a Denial of Service condition, or obtain sensitive information.
Workaround
There is no known workaround at this time.
Resolution
All Zabbix users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=net-analyzer/zabbix-2.0.9_rc1-r2"
|
References
CVE-2010-1277
CVE-2011-2904
CVE-2011-3263
CVE-2011-4674
CVE-2012-3435
CVE-2013-1364
CVE-2013-5572 |
|
News & Announcements
