Two security vulnerabilities have been fixed in the zabbix software package that malicious users could exploit to inject arbitrary HTML and script code and to execute arbitrary SQL commands.
Package:
zabbix 1.x
Operating systems:
Fedora 16, Fedora 17
Problem:
error in a program function, error in a program component, XSS
Exploitation:
remote
Consequence:
execution of SQL code, injection of HTML and script code
Solution:
vendor patch
CVE:
CVE-2012-3435, CVE-2011-4615
Original advisory ID:
FEDORA-2012-12496
Source:
Fedora
Problem:
The vulnerabilities stem from multiple XSS vulnerabilities and an SQL injection vulnerability discovered in the file "frontends/php/popup_bitem.php".
Consequence:
The flaws can be exploited to inject arbitrary HTML and script code and to execute arbitrary SQL commands.
Solution:
All users are advised to apply the official update.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-12496
2012-08-22 20:35:50
--------------------------------------------------------------------------------
Name : zabbix
Product : Fedora 17
Version : 1.8.15
Release : 1.fc17
URL : http://www.zabbix.com
Summary : Open-source monitoring solution for your IT infrastructure
Description :
ZABBIX is software that monitors numerous parameters of a network and
the health and integrity of servers. ZABBIX uses a flexible
notification mechanism that allows users to configure e-mail based
alerts for virtually any event. This allows a fast reaction to server
problems. ZABBIX offers excellent reporting and data visualisation
features based on the stored data. This makes ZABBIX ideal for
capacity planning.
ZABBIX supports both polling and trapping. All ZABBIX reports and
statistics, as well as configuration parameters are accessed through a
web-based front end. A web-based front end ensures that the status of
your network and the health of your servers can be assessed from any
location. Properly configured, ZABBIX can play an important role in
monitoring IT infrastructure. This is equally true for small
organisations with a few servers and for large companies with a
multitude of servers.
--------------------------------------------------------------------------------
Update Information:
Release notes: http://www.zabbix.com/rn1.8.15.php
Amongst others:
- Solves SQL injection vulnerability CVE-2012-3435
- Removes useless backup files from the frontend
--------------------------------------------------------------------------------
ChangeLog:
* Mon Aug 20 2012 Volker FrÄ