Branch t6 update bulletin.

Package zabbix updated to version 1.8.20-alt0.M60P.1 for branch t6 in task 114685.

Published: 2014-05-08
Modified: 2024-11-21

CVE-2014-1682

The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.

Severity: MEDIUM (4.0)

References:

FEDORA-2014-5551
FEDORA-2014-5551
FEDORA-2014-5540
FEDORA-2014-5540
65402
65402
https://support.zabbix.com/browse/ZBX-7703
https://support.zabbix.com/browse/ZBX-7703

Published: 2014-05-08
Modified: 2024-11-21

CVE-2014-1685

The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.

Severity: MEDIUM (5.5)

References:

FEDORA-2014-5551
FEDORA-2014-5551
FEDORA-2014-5540
FEDORA-2014-5540
https://support.zabbix.com/browse/ZBX-7693
https://support.zabbix.com/browse/ZBX-7693

Version: 2.1.0

Branch t6 update on 2014-02-20

ALT-BU-2014-2596-1

ALT-PU-2014-1207-1

Closed vulnerabilities

CVE-2014-1682

CVE-2014-1685