zabbix-2.0.8-3.fc20 security update
|Date Submitted:||2013-10-03 20:31:23|
|Date Released:||2013-10-05 01:23:25|
- New upstream version 2.0.8
- Patch for CVE-2013-5743 (SQL injection vulnerability, ZBX-7091)
- Patch for ZBX-6922 (Failing host XML import)
- SQL speed-up patch for graphs (ZBX-6804)
- Require php-ldap and ZBX-6992 (Service SQL)
- Create and configure a spooling directory for fping files outside of /tmp
- Update README to reflect that and add a SELinux section
- Drop PrivateTmp from systemd unit files
This update solves a security issue involving the use of libcurl in the code used to access the eztexting service. It potentially allows for man-in-the-middle attacks. The issue was described as CVE-2012-6086.
Please refer to https://support.zabbix.com/browse/ZBX-5924 for details!Bugs Fixed892687 - CVE-2012-6086: zabbix: Improper use of cURL API might lead to improper SSL certificate verification (MiTM) [fedora-all]983096 - Zabbix WEB doesn't work due to deprecated mysql_connect()bodhi - 2013-10-03 20:31:43This update has been submitted for testing by volter.
autoqa - 2013-10-03 20:45:21AutoQA: depcheck test PASSED on x86_64. Result log: http://autoqa.fedoraproject.org/report/13d82 (results are informative only)
autoqa - 2013-10-03 20:45:40AutoQA: depcheck test PASSED on i386. Result log: http://autoqa.fedoraproject.org/report/13d85 (results are informative only)
bodhi - 2013-10-04 18:56:35This update is currently being pushed to the Fedora 20 testing updates repository.
bodhi - 2013-10-05 01:42:53This update has been pushed to testing
bodhi - 2013-10-12 10:06:44This update has reached 7 days in testing and can be pushed to stable now if the maintainer wishes
bodhi - 2013-10-12 11:27:44This update has been submitted for stable by volter.
autoqa - 2013-10-12 11:46:11AutoQA: upgradepath test PASSED on noarch. Result log: http://autoqa.fedoraproject.org/report/13r7u (results are informative only)
bodhi - 2013-10-13 18:42:30This update is currently being pushed to the Fedora 20 stable updates repository.
bodhi - 2013-10-13 19:54:38This update has been pushed to stable