Zabbix versions between 2.2 and 3.0.3 are vulnerable to remote code execution.
Created zabbix22 tracking bugs for this issue:
Affects: epel-all [bug 1390906]
Created zabbix tracking bugs for this issue:
Affects: fedora-all [bug 1390905]
Not a security issue according to the upstream: