[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1708-1] zabbix security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : zabbix
Version        : 1:2.2.23+dfsg-0+deb8u1
CVE ID         : CVE-2016-10742 CVE-2017-2826

Several security vulnerabilities were discovered in Zabbix, a
server/client network monitoring solution.

CVE-2016-10742

    Zabbix allowed remote attackers to redirect to external links by
    misusing the request parameter.

CVE-2017-2826

    An information disclosure vulnerability exists in the iConfig proxy
    request of Zabbix server. A specially crafted iConfig proxy request
    can cause the Zabbix server to send the configuration information of
    any Zabbix proxy, resulting in information disclosure. An attacker
    can make requests from an active Zabbix proxy to trigger this
    vulnerability.

This update also includes several other bug fixes and improvements. For
more information please refer to the upstream changelog file.

For Debian 8 "Jessie", these problems have been fixed in version
1:2.2.23+dfsg-0+deb8u1.

We recommend that you upgrade your zabbix packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyG1W1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeR+8g//ciI7m+rpmR8Ff/cQu5W8qSpjlfJsqob/RQOZ+8GIKCn4OPwX5pW21Yjs
GXCxkRimXTeZeSG7vOsH5MlthOjVloWtU0SYMPnoPKYU4k1HzzqMSvsBD0j6usUf
8TioFUPM0KyR8/e00IiNeziefSvWr9W3m8hCkvLfP/gFxA65KrDkOtiSZfMhV92Z
MDUIFod29XAZnOm7Rt0SDoLm7hUmr6af7vK75R19bGwTxyL2QmWRQWXzfIFLV+a7
YPM2+7+WMMiFJqbaDsI2mQP39ZT4nZSBHAHuva2xYnrsnUul2Th+QqSAr+VQqt59
mUdIWiC1yjhzYFkEQOZECzBs7WrK9CsoZcZ4yf0la1KbdH4NxPZFL3WYR5Dd8EyP
DShJK9QdKyWINVX/wuXHJycZaDmnWBG2wYRnoDndbbigABA38g4Pn5LUwbyi4HOz
hB2ZD0TTVfzYaMI3gArryerazszAMMAz64pwu6wG7ELZyEUTrF3WrRjaI4bsOrkE
gPYKwGLBSCB38h8QYvEn9l6hKNuHz/xscFuFejXBOluie/UJtqTWSXoSOYEnJagh
Smo7iRPBEDDkEljgMpAiVzBaF13DIUxSJt0oOESAggqQ88In9qByKkdZCAqpKctV
0XJfZ/ZU2OKWcinbbTAu9QT9122YNTj8GqBC0DRkQ+h2fSBb6Zk=
=GFKh
-----END PGP SIGNATURE-----


Reply to: