MGASA-2013-0104
| Date: | April 2nd, 2013 |
| Affected releases: | 2 |
| Media: | Core, Tainted |
Description:
Updated zoneminder package fixes security vulnerability:
Zoneminder is prone to an arbitrary command execution vulnerability.
Remote (authenticated) attackers could execute arbitrary commands as the
web server user (CVE-2013-0232).
Updated Packages:
i586:
zoneminder-1.25.0-10.2.mga2.i586.rpm
zoneminder-debug-1.25.0-10.2.mga2.i586.rpm
zoneminder-1.25.0-10.2.mga2.tainted.i586.rpm
zoneminder-debug-1.25.0-10.2.mga2.tainted.i586.rpm
x86_64:
zoneminder-1.25.0-10.2.mga2.x86_64.rpm
zoneminder-debug-1.25.0-10.2.mga2.x86_64.rpm
zoneminder-1.25.0-10.2.mga2.tainted.x86_64.rpm
zoneminder-debug-1.25.0-10.2.mga2.tainted.x86_64.rpm
SRPMS:
zoneminder-1.25.0-10.2.mga2.src.rpm
zoneminder-1.25.0-10.2.mga2.tainted.src.rpm
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0232
http://www.zoneminder.com/forums/viewtopic.php?f=29&t=20771
http://itsecuritysolutions.org/2013-01-22-ZoneMinder-Video-Server-arbitrary-command-execution-vulnerability/
https://bugzilla.redhat.com/show_bug.cgi?id=904104
http://www.debian.org/security/2013/dsa-2640
https://bugs.mageia.org/show_bug.cgi?id=9402
