Branch p7 update bulletin.

Package etercifs updated to version 5.4.10-alt0.M70P.1 for branch p7 in task 131201.

прошу положить свежий etercifs в репозитарий

Package zabbix updated to version 2.4.0-alt0.M70P.1 for branch p7 in task 130801.

Published: 2015-01-02
Modified: 2024-11-21

CVE-2014-9450

Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.

Severity: HIGH (7.5)

References:

Published: 2017-02-17
Modified: 2024-11-21

CVE-2016-10134

SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Published: 2019-02-17
Modified: 2024-11-21

CVE-2016-10742

Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.

Severity: MEDIUM (6.1) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

References:

Published: 2017-01-24
Modified: 2024-11-21

CVE-2016-4338

The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.

Severity: HIGH (8.1) Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Version: 2.1.0

Branch p7 update on 2014-10-01

ALT-BU-2014-3017-1

ALT-PU-2014-2217-1

Closed bugs

Bug #30363

ALT-PU-2014-2220-1

Closed vulnerabilities

CVE-2014-9450

CVE-2016-10134

CVE-2016-10742

CVE-2016-4338