Security Information / 2017 / Security Information -- DSA-3937-1 zabbix

Debian Security Advisory

DSA-3937-1 zabbix -- security update

Date Reported:

12 Aug 2017

Affected Packages:

zabbix

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2017-2824, CVE-2017-2825.

More information:

Lilith Wyatt discovered two vulnerabilities in the Zabbix network monitoring system which may result in execution of arbitrary code or database writes by malicious proxies.

For the oldstable distribution (jessie), these problems have been fixed in version 1:2.2.7+dfsg-2+deb8u3.

For the stable distribution (stretch), these problems have been fixed prior to the initial release.

We recommend that you upgrade your zabbix packages.