{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20142165",
"Version": "oval:org.altlinux.errata:def:20142165",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2014-2165: package `zabbix` update to version 2.4.0-alt1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2014-2165",
"RefURL": "https://errata.altlinux.org/ALT-PU-2014-2165",
"Source": "ALTPU"
},
{
"RefID": "CVE-2014-9450",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2014-9450",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10134",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10134",
"Source": "CVE"
},
{
"RefID": "CVE-2016-10742",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-10742",
"Source": "CVE"
},
{
"RefID": "CVE-2016-4338",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2016-4338",
"Source": "CVE"
}
],
"Description": "This update upgrades zabbix to version 2.4.0-alt1. \nSecurity Fix(es):\n\n * CVE-2014-9450: Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the (1) itemid or (2) periods parameter.\n\n * CVE-2016-10134: SQL injection vulnerability in Zabbix before 2.2.14 and 3.0 before 3.0.4 allows remote attackers to execute arbitrary SQL commands via the toggle_ids array parameter in latest.php.\n\n * CVE-2016-10742: Zabbix before 2.2.21rc1, 3.x before 3.0.13rc1, 3.1.x and 3.2.x before 3.2.10rc1, and 3.3.x and 3.4.x before 3.4.4rc1 allows open redirect via the request parameter.\n\n * CVE-2016-4338: The mysql user parameter configuration script (userparameter_mysql.conf) in the agent in Zabbix before 2.0.18, 2.2.x before 2.2.13, and 3.0.x before 3.0.3, when used with a shell other than bash, allows context-dependent attackers to execute arbitrary code or SQL commands via the mysql.size parameter.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2014-09-21"
},
"Updated": {
"Date": "2014-09-21"
},
"BDUs": null,
"CVEs": [
{
"ID": "CVE-2014-9450",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CWE": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2014-9450",
"Impact": "High",
"Public": "20150102"
},
{
"ID": "CVE-2016-10134",
"CVSS": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10134",
"Impact": "Critical",
"Public": "20170217"
},
{
"ID": "CVE-2016-10742",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"CWE": "CWE-601",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-10742",
"Impact": "Low",
"Public": "20190217"
},
{
"ID": "CVE-2016-4338",
"CVSS": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-89",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2016-4338",
"Impact": "High",
"Public": "20170123"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20142165001",
"Comment": "zabbix-agent is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165002",
"Comment": "zabbix-agent-sudo is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165003",
"Comment": "zabbix-common is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165004",
"Comment": "zabbix-contrib is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165005",
"Comment": "zabbix-doc is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165006",
"Comment": "zabbix-phpfrontend-apache is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165007",
"Comment": "zabbix-phpfrontend-apache2 is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165008",
"Comment": "zabbix-phpfrontend-apache2-mod_php5 is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165009",
"Comment": "zabbix-phpfrontend-engine is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165010",
"Comment": "zabbix-phpfrontend-php5 is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165011",
"Comment": "zabbix-proxy is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165012",
"Comment": "zabbix-server-common is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165013",
"Comment": "zabbix-server-mysql is earlier than 1:2.4.0-alt1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20142165014",
"Comment": "zabbix-server-pgsql is earlier than 1:2.4.0-alt1"
}
]
}
]
}
}
]
} |