Bug 892685 (CVE-2012-6086)
Summary: | CVE-2012-6086 zabbix: Improper use of cURL API might lead to improper SSL certificate verification (MiTM) | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | brett.lentz, dan, nelsonab, volker27 |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-10-08 20:37:48 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 892687, 892688, 892763, 893414 | ||
Bug Blocks: | 767033 |
Description
Jan Lieskovsky
2013-01-07 15:38:52 UTC
This issue affects the versions of the zabbix package, as shipped with Fedora release of 16 and 17. Please schedule an update. -- This issue affects the version of the zabbix package, as shipped with Fedora EPEL 6. Please schedule an update. -- This issue does not affect the version of the zabbix package, as shipped with Fedora EPEL 5 (looks certificate verification is not supported yet in v.1.4.7 version, currently shipped with Fedora EPEL 5). Created zabbix tracking bugs for this issue Affects: fedora-all [bug 892687] Affects: epel-6 [bug 892688] There's a zabbix20 package in EPEL 6 as well. (In reply to comment #5) > There's a zabbix20 package in EPEL 6 as well. Thank you for pointing out, Volker. Checking that one yet then. This issue affects the version of the zabbix20 package, as shipped with Fedora EPEL 6. Please schedule an update (once there is final upstream patch available). Created zabbix20 tracking bugs for this issue Affects: epel-6 [bug 893414] This has already been corrected in Fedora and EPEL. |