Lucene search

Gentoo FoundationMGASA-2014-0015

HistoryJan 21, 2014 - 8:06 p.m.

Updated zabbix packages fix two security vulnerabilities

2014-01-2120:06:35

Gentoo Foundation

advisories.mageia.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

99.9%

JSON

Updated zabbix packages fixes security vulnerability: This update multiples vulnerabilities. - Fix vulnerability for remote command execution injection (ZBX-7479, CVE-2013-6824) - Fix SQL injection vulnerability (ZBX-7091, CVE-2013-5743) - Fix XSS issues (ZBX-6952)

OSVersionArchitecturePackageVersionFilename
Mageia3noarchzabbix< 2.0.10-1zabbix-2.0.10-1.mga3

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	zabbix	< 2.0.10-1	zabbix-2.0.10-1.mga3

References

www.zabbix.com/rn2.0.10.php

www.zabbix.com/rn2.0.9.php

bugs.mageia.org/show_bug.cgi?id=11868

lists.fedoraproject.org/pipermail/package-announce/2013-December/123446.html

support.zabbix.com/browse/ZBX-6952

support.zabbix.com/browse/ZBX-7091

support.zabbix.com/browse/ZBX-7479

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.974 High

EPSS

Percentile

99.9%

JSON

Related for MGASA-2014-0015