MGASA-2014-0433

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2014-0433.html

Import Source

https://advisories.mageia.org/MGASA-2014-0433.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2014-0433

Related

CVE-2014-3005

Published

2014-10-29T11:30:40Z

Modified

2014-10-29T09:40:27Z

Summary

Updated zabbix package fixes security vulnerability

Details

It was reported that the Zabbix frontend supported an XML data import feature, where on the server it used DOMDocument to parse the XML. By default, DOMDocument also parses the external DTD, which could allow a remote attacker to use a crafted XML file causing Zabbix to read an arbitrary local file, and send the contents of the specified file to a remote server (CVE-2014-3005).

References

https://advisories.mageia.org/MGASA-2014-0433.html
https://bugs.mageia.org/show_bug.cgi?id=13628
https://support.zabbix.com/browse/ZBX-8151
http://www.zabbix.com/rn2.0.12.php
http://www.zabbix.com/rn2.0.13.php
https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2014-0433

Affected packages