-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : zabbix Version : 1:2.2.23+dfsg-0+deb8u1 CVE ID : CVE-2016-10742 CVE-2017-2826
Several security vulnerabilities were discovered in Zabbix, a server/client network monitoring solution. CVE-2016-10742 Zabbix allowed remote attackers to redirect to external links by misusing the request parameter. CVE-2017-2826 An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability. This update also includes several other bug fixes and improvements. For more information please refer to the upstream changelog file. For Debian 8 "Jessie", these problems have been fixed in version 1:2.2.23+dfsg-0+deb8u1. We recommend that you upgrade your zabbix packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlyG1W1fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7 UeR+8g//ciI7m+rpmR8Ff/cQu5W8qSpjlfJsqob/RQOZ+8GIKCn4OPwX5pW21Yjs GXCxkRimXTeZeSG7vOsH5MlthOjVloWtU0SYMPnoPKYU4k1HzzqMSvsBD0j6usUf 8TioFUPM0KyR8/e00IiNeziefSvWr9W3m8hCkvLfP/gFxA65KrDkOtiSZfMhV92Z MDUIFod29XAZnOm7Rt0SDoLm7hUmr6af7vK75R19bGwTxyL2QmWRQWXzfIFLV+a7 YPM2+7+WMMiFJqbaDsI2mQP39ZT4nZSBHAHuva2xYnrsnUul2Th+QqSAr+VQqt59 mUdIWiC1yjhzYFkEQOZECzBs7WrK9CsoZcZ4yf0la1KbdH4NxPZFL3WYR5Dd8EyP DShJK9QdKyWINVX/wuXHJycZaDmnWBG2wYRnoDndbbigABA38g4Pn5LUwbyi4HOz hB2ZD0TTVfzYaMI3gArryerazszAMMAz64pwu6wG7ELZyEUTrF3WrRjaI4bsOrkE gPYKwGLBSCB38h8QYvEn9l6hKNuHz/xscFuFejXBOluie/UJtqTWSXoSOYEnJagh Smo7iRPBEDDkEljgMpAiVzBaF13DIUxSJt0oOESAggqQ88In9qByKkdZCAqpKctV 0XJfZ/ZU2OKWcinbbTAu9QT9122YNTj8GqBC0DRkQ+h2fSBb6Zk= =GFKh -----END PGP SIGNATURE-----