Your message dated Thu, 27 Mar 2008 12:17:08 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#471678: fixed in zabbix 1:1.4.5-1
has caused the Debian Bug report #471678,
regarding zabbix: CVE-2008-1353 local or remote DoS for authenticated hosts
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
471678: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471678
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: zabbix
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for zabbix.

CVE-2008-1353[0]:
| zabbix_agentd in ZABBIX 1.4.4 allows remote attackers to cause a
| denial of service (CPU and connection consumption) via multiple
| vfs.file.cksum commands with a special device node such as
| /dev/urandom or /dev/zero.

This should just work for authenticated hosts or hosts with 
a spoofed IP address. However from what I see this is also 
useable for local users.

If you fix this vulnerability please also include the CVE id
in your changelog entry.

For further information:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1353

Kind regards
Nico

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.



--- End Message ---
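
The CVE text quoted above describes a checksum routine being pointed at a device node that never reaches end of file. The following C is an added example of refusing such paths before reading; it is not Zabbix's code or the 1.4.5 fix, and `safe_file_cksum`, `CKSUM_MAX_BYTES` and the rotate-xor checksum are hypothetical stand-ins.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

#define CKSUM_MAX_BYTES (64L * 1024 * 1024)  /* assumed cap, tune per deployment */

/* Returns 0 and stores a checksum in *out; -1 if the path is refused or unreadable. */
int safe_file_cksum(const char *path, uint32_t *out)
{
    struct stat st;
    unsigned char buf[4096];
    uint32_t sum = 0;
    off_t left;
    ssize_t n;

    /* O_NONBLOCK: do not hang in open() on a FIFO or device before it can be inspected. */
    int fd = open(path, O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0) return -1;

    /* fstat() on the descriptor, not stat() on the path, so the object that was
       checked is the object that gets read. Devices, FIFOs, directories: refused. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_size > CKSUM_MAX_BYTES) {
        close(fd);
        return -1;
    }
    /* Read at most the size seen at fstat() time, so a growing file still terminates. */
    for (left = st.st_size; left > 0; left -= n) {
        size_t want = left < (off_t)sizeof buf ? (size_t)left : sizeof buf;
        n = read(fd, buf, want);
        if (n <= 0) break;                              /* error or file shrank */
        for (ssize_t i = 0; i < n; i++)
            sum = ((sum << 1) | (sum >> 31)) ^ buf[i];  /* toy checksum, not cksum(1) */
    }
    close(fd);
    if (left != 0) return -1;
    *out = sum;
    return 0;
}

int main(int argc, char **argv)
{
    uint32_t v;
    for (int i = 1; i < argc; i++) {
        if (safe_file_cksum(argv[i], &v) == 0) printf("%s: %08x\n", argv[i], (unsigned)v);
        else printf("%s: refused\n", argv[i]);
    }
    return 0;
}
```
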
--- Begin Message ---
Source: zabbix
Source-Version: 1:1.4.5-1

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive:

zabbix-agent_1.4.5-1_amd64.deb
  to pool/main/z/zabbix/zabbix-agent_1.4.5-1_amd64.deb
zabbix-frontend-php_1.4.5-1_all.deb
  to pool/main/z/zabbix/zabbix-frontend-php_1.4.5-1_all.deb
zabbix-server-mysql_1.4.5-1_amd64.deb
  to pool/main/z/zabbix/zabbix-server-mysql_1.4.5-1_amd64.deb
zabbix-server-pgsql_1.4.5-1_amd64.deb
  to pool/main/z/zabbix/zabbix-server-pgsql_1.4.5-1_amd64.deb
zabbix_1.4.5-1.diff.gz
  to pool/main/z/zabbix/zabbix_1.4.5-1.diff.gz
zabbix_1.4.5-1.dsc
  to pool/main/z/zabbix/zabbix_1.4.5-1.dsc
zabbix_1.4.5.orig.tar.gz
  to pool/main/z/zabbix/zabbix_1.4.5.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Ablassmeier <[EMAIL PROTECTED]> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 27 Mar 2008 12:15:28 +0100
Source: zabbix
Binary: zabbix-agent zabbix-server-mysql zabbix-server-pgsql zabbix-frontend-php
Architecture: source amd64 all
Version: 1:1.4.5-1
Distribution: unstable
Urgency: high
Maintainer: [EMAIL PROTECTED]
Changed-By: Michael Ablassmeier <[EMAIL PROTECTED]>
Description: 
 zabbix-agent - software for monitoring of your networks -- agent
 zabbix-frontend-php - software for monitoring of your servers -- php frontend
 zabbix-server-mysql - software for monitoring of your networks -- server
 zabbix-server-pgsql - software for monitoring of your networks -- server
Closes: 471678
Changes: 
 zabbix (1:1.4.5-1) unstable; urgency=high
 .
   * New upstream release
   * Fixed remote DoS (CVE-2008-1353) Closes: #471678
Files: 
 d7d14428ed9035e719c0b078d0e77cfe 875 net optional zabbix_1.4.5-1.dsc
 f87d73852fdab33f99beebfd16c21c63 4137972 net optional zabbix_1.4.5.orig.tar.gz
 9ca3700d1014d064afe2ecb1924d75b8 19834 net optional zabbix_1.4.5-1.diff.gz
 0c0187b176fbdecd1192dcb1a40a7cd6 172896 net optional 
zabbix-agent_1.4.5-1_amd64.deb
 ce0403fbd83bef7e372f60d466b3875f 367188 net optional 
zabbix-server-mysql_1.4.5-1_amd64.deb
 519c3fee6c12c51273c0c262ba37266c 372660 net optional 
zabbix-server-pgsql_1.4.5-1_amd64.deb
 3b07db6fe57dbda9cf365d129f29f6b6 1023688 net optional 
zabbix-frontend-php_1.4.5-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFH64aHEFV7g4B8rCURAv+7AJsGxnWfOeoAlJ9i9KuaJ63MZVxdPgCeIFHu
yn9X1gnKjEr3NTMWUpLC1hw=
=kg/k
-----END PGP SIGNATURE-----



--- End Message ---
