Hi!
I just noticed, that 1.6.7 fixes an important security vulnerability.
Unfortunately the announcement only promotes an agent fix concerning active checks. The note about the security fix can only be found in the "fine print" way below under "Other Improvements and Bug Fixes":
http://www.zabbix.com/rn1.6.7.php
I believe that such important issues should be pointed out more clearly!
Other examples:
Cheers,
--leo
I just noticed, that 1.6.7 fixes an important security vulnerability.
Unfortunately the announcement only promotes an agent fix concerning active checks. The note about the security fix can only be found in the "fine print" way below under "Other Improvements and Bug Fixes":
http://www.zabbix.com/rn1.6.7.php
* [ZBX-1031] fixed security vulnerability in server, allowing remote unauthenticated users to execute arbitrary SQL queries. Thanks to Nicob
# [ZBX-1032] fixed security vulnerability in processing of net.tcp.listen under FreeBSD and Solaris agents. Thanks to Nicob
# [ZBX-1032] fixed security vulnerability in processing of net.tcp.listen under FreeBSD and Solaris agents. Thanks to Nicob
Other examples:
- 1.6.6: possible DOS vulnerability in trapper: http://www.zabbix.com/rn1.6.6.php
- 1.6.3: frontend vulnerabilities: http://www.zabbix.com/rn1.6.3.php
Cheers,
--leo
Comment