oss-security April 2010 archive
| Main Archive Page > Month Archives > oss-security archives |
Re: [oss-security] CVE Request -- Zabbix v1.8.2 and v.1.6.9
From: Josh Bressers <bressers_at_nospam>Date: Thu Apr 01 2010 - 19:31:18 GMT
To: oss-security@lists.openwall.com
----- "Jan Lieskovsky" <jlieskov@redhat.com> wrote:
> Hi Steve, vendors,
>
> though April the First today, this doesn't seem to be a joke:
>
> a, Zabbix <= 1.8.1 SQL Injection
>
> [1] http://seclists.org/fulldisclosure/2010/Apr/1
> [2] http://www.zabbix.com/rn1.8.2.php
Use CVE-2010-1144 for this one
>
> b, also on 25 March 2010, Zabbix v1.6.9 was
> released:
>
> [3] http://www.zabbix.com/rn1.6.9.php
>
> fixing one security issue -- remote commands execution in Zabbix
> Server.
>
> [4] https://support.zabbix.com/browse/ZBX-1030
>
Use CVE-2010-1145 for this one
Thanks
-- JB