From Mageia wiki
Jump to: navigation, search

MGASA-2012-0370

Date: December 31st, 2012
Affected releases: 2


Description:
Updated zabbix packages fix security vulnerability:

SQL injection vulnerability in frontends/php/popup_bitem.php in Zabbix
1.8.15rc1 and earlier, and 2.x before 2.0.2rc1, allows remote attackers to
execute arbitrary SQL commands via the itemid parameter (CVE-2012-3435).


Updated Packages:
zabbix-1.8.15-2.mga2
zabbix-agent-1.8.15-2.mga2
zabbix-web-1.8.15-2.mga2


References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3435
http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085844.html
https://bugs.mageia.org/show_bug.cgi?id=7277