===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2017.0580
                          zabbix security update
                               6 March 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           zabbix
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   UNIX variants (UNIX, Linux, OSX)
Impact/Access:     Execute Arbitrary Code/Commands -- Remote/Unauthenticated
Resolution:        Patch/Upgrade
CVE Names:         CVE-2016-10134

Original Bulletin:
   http://www.debian.org/security/2017/dsa-3802

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running zabbix check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3802-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 05, 2017                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : zabbix
CVE ID         : CVE-2016-10134

An SQL injection vulnerability has been discovered in the "Latest data"
page of the web frontend of the Zabbix network monitoring system.

For the stable distribution (jessie), this problem has been fixed in
version 1:2.2.7+dfsg-2+deb8u2.

For the upcoming stable distribution (stretch), this problem has been
fixed in version 1:3.0.7+dfsg-1.

For the unstable distribution (sid), this problem has been fixed in
version 1:3.0.7+dfsg-1.

We recommend that you upgrade your zabbix packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
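
Added example (not part of the AusCERT or Debian text): a self-contained check of an installed zabbix package version against the fixed versions listed in DSA-3802-1 above, using Debian's version ordering (epoch, upstream version, revision, '~'). The function names are illustrative; on a Debian host, dpkg --compare-versions performs the same comparison.

```python
import re

# Fixed versions exactly as stated in DSA-3802-1 (quoted in the bulletin above).
FIXED = {"jessie": "1:2.2.7+dfsg-2+deb8u2",
         "stretch": "1:3.0.7+dfsg-1", "sid": "1:3.0.7+dfsg-1"}

def _weight(ch):
    """Sort weight of a non-digit character: '~' < end of string < letters < others."""
    if ch == "~":
        return -1
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_fragment(a, b):
    """Compare two upstream or revision strings; returns -1, 0 or 1."""
    while a or b:
        # Leading non-digit runs are compared character by character.
        pa, a = re.match(r"(\D*)(.*)", a).groups()
        pb, b = re.match(r"(\D*)(.*)", b).groups()
        for i in range(max(len(pa), len(pb))):
            wa = _weight(pa[i]) if i < len(pa) else 0
            wb = _weight(pb[i]) if i < len(pb) else 0
            if wa != wb:
                return -1 if wa < wb else 1
        # The following digit runs are compared as integers (so u10 > u2).
        da, a = re.match(r"(\d*)(.*)", a).groups()
        db, b = re.match(r"(\d*)(.*)", b).groups()
        na, nb = int(da or 0), int(db or 0)
        if na != nb:
            return -1 if na < nb else 1
    return 0

def split_version(v):
    """Split '[epoch:]upstream[-revision]' at the first ':' and the last '-'."""
    epoch, sep, rest = v.partition(":")
    if not sep:
        epoch, rest = "0", v
    upstream, sep, revision = rest.rpartition("-")
    if not sep:
        upstream, revision = rest, ""
    return int(epoch), upstream, revision

def compare_versions(a, b):
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_fragment(ua, ub) or _cmp_fragment(ra, rb)

def is_fixed(installed, release):
    # True when the installed version is at or above the advisory's fixed version.
    return compare_versions(installed, FIXED[release]) >= 0
```

Pass the version reported by the package manager for the zabbix packages together with the release name; a False result means the host still needs the upgrade the advisory recommends.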