Advisories ยป MGASA-2014-0095

Updated zabbix packages fix multiple vulnerabilities

Publication date: 25 Feb 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2013-5572 , CVE-2014-1682 , CVE-2014-1685

Description

Updated zabbix packages fix security vulnerabilities:

Zabbix before 2.0.11 allows remote authenticated users to discover the LDAP
bind password by leveraging management-console access and reading the
ldap_bind_password value in the HTML source code (CVE-2013-5572).

Zabbix before 2.0.11 allows switching users without proper credentials when
using HTTP authentication (CVE-2014-1682).

In Zabbix before 2.0.11, the admin user is able to update media for other
users (CVE-2014-1685).
                

References

SRPMS

4/core

3/core