Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1685 to the following vulnerability: Name: CVE-2014-1685 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1685 Assigned: 20140128 Reference: https://support.zabbix.com/browse/ZBX-7693 Reference: FEDORA:FEDORA-2014-5540 Reference: http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132377.html Reference: FEDORA:FEDORA-2014-5551 Reference: http://lists.fedoraproject.org/pipermail/package-announce/2014-May/132376.html The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors. Current Fedora has zabbix-2.0.11 Current EPEL5 has zabbix20-2.0.11 Current EPEL6 has zabbix-1.8.20, zabbix20-2.0.11, zabbix22-2.2.1 (this last one is still vulnerable)
Created zabbix22 tracking bugs for this issue: Affects: epel-6 [bug 1095927]
Oh, nevermind the 2 updates!
zabbix-2.0.12-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
zabbix-2.0.12-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.