Site Navigation:
security zabbix-2.0.8-3.fc20 security update
Status:stable
Release: Fedora 20
Update ID: FEDORA-2013-18314
Builds: zabbix-2.0.8-3.fc20 (logs)
Pushed: True
Date Submitted: 2013-10-03 20:31:23
Date Released: 2013-10-05 01:23:25
Submitter: volter
Karma: 0
Stable karma: 3
Unstable karma: -3
Details
  • New upstream version 2.0.8
  • Patch for CVE-2013-5743 (SQL injection vulnerability, ZBX-7091)
  • Patch for ZBX-6922 (Failing host XML import)
  • SQL speed-up patch for graphs (ZBX-6804)
  • Require php-ldap and ZBX-6992 (Service SQL)
  • Create and configure a spooling directory for fping files outside of /tmp
  • Update README to reflect that and add a SELinux section
  • Drop PrivateTmp from systemd unit files

This update solves a security issue involving the use of libcurl in the code used to access the eztexting service. It potentially allows for man-in-the-middle attacks. The issue was described as CVE-2012-6086.

Please refer to https://support.zabbix.com/browse/ZBX-5924 for details!

Bugs Fixed
892687 - CVE-2012-6086: zabbix: Improper use of cURL API might lead to improper SSL certificate verification (MiTM) [fedora-all]
983096 - Zabbix WEB doesn't work due to deprecated mysql_connect()
Feedback
bodhi - 2013-10-03 20:31:43
This update has been submitted for testing by volter.
autoqa - 2013-10-03 20:45:21
AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/13d82 (results are informative only)
autoqa - 2013-10-03 20:45:40
AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/13d85 (results are informative only)
bodhi - 2013-10-04 18:56:35
This update is currently being pushed to the Fedora 20 testing updates repository.
bodhi - 2013-10-05 01:42:53
This update has been pushed to testing
bodhi - 2013-10-12 10:06:44
This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-10-12 11:27:44
This update has been submitted for stable by volter.
autoqa - 2013-10-12 11:46:11
AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/13r7u (results are informative only)
bodhi - 2013-10-13 18:42:30
This update is currently being pushed to the Fedora 20 stable updates repository.
bodhi - 2013-10-13 19:54:38
This update has been pushed to stable

Add a comment

Tip: Login to impact how quickly this update gets pushed or unpushed.
obfuscated letters