Branch t6 update bulletin.

Package zabbix updated to version 1.8.20-alt0.M60P.1 for branch t6 in task 114685.

Published: 2014-05-08
Modified: 2025-04-12

CVE-2014-1682

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

Severity: MEDIUM (4.0) Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

References:

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
http://www.securityfocus.com/bid/65402
https://support.zabbix.com/browse/ZBX-7703
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
http://www.securityfocus.com/bid/65402
https://support.zabbix.com/browse/ZBX-7703

Published: 2014-05-08
Modified: 2025-04-12

CVE-2014-1685

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

Severity: MEDIUM (5.5) Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P

References:

http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
https://support.zabbix.com/browse/ZBX-7693
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html
https://support.zabbix.com/browse/ZBX-7693

Version: 2.1.2

Branch t6 update on 2014-02-20

ALT-BU-2014-2596-1

ALT-PU-2014-1207-1

Closed vulnerabilities

CVE-2014-1682

CVE-2014-1685