- Split the port to server, frontend, agent and proxy slaves
- Add zabbix16 for people who don't want to update to 1.8 yet
PR: ports/141364
Submitted by: Jim Riggs <ports@christianserving.org> (maintainer)
Note:
Input appended to and passed via the "extlang" parameter to the "calc_exp2()"
function in include/validate.inc.php is not properly sanitised before being
used. This can be exploited to inject and execute arbitrary PHP code.
The application allows users to perform certain actions via HTTP requests
without performing any validity checks to verify the requests. This can be
exploited to e.g. create users by enticing a logged in administrator to
visit a malicious web page.
Input passed to the "srclang" parameter in locales.php (when "next" is set
to a non-NULL value) is not properly verified before being used to include
files. This can be exploited to include arbitrary files from local resources
via directory traversal attacks and URL-encoded NULL bytes.
- Bump PORTREVISION
PR: 132944
Submitted by: Eygene Ryabinkin <rea-fbsd@codelabs.ru> (many thanks!)
Approved by: maintainer timeout (security 1 day)
Security: http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html
Note:
Input appended to and passed via the "extlang" parameter to the "calc_exp2()"
function in include/validate.inc.php is not properly sanitised before being
used. This can be exploited to inject and execute arbitrary PHP code.
The application allows users to perform certain actions via HTTP requests without
performing any validity checks to verify the requests. This can be exploited to e.g.
create users by enticing a logged in administrator to visit a malicious web page.
Input passed to the "srclang" parameter in locales.php (when "next" is set to a non-NULL
value) is not properly verified before being used to include files. This can be
exploited to include arbitrary files from local resources via directory traversal
attacks and URL-encoded NULL bytes.
Original Advisory:
http://www.ush.it/team/ush/hack-zabbix_162/adv.txt
With hat: secteam
Security: http://www.vuxml.org/freebsd/03140526-1250-11de-a964-0030843d3802.html
Zabbix is software for application and network monitoring.
Zabbix supports both polling and trapping techniques to
collect data from monitored hosts. Flexible notification
mechanism allows easy and quckly configure email notifications
for pre-defined events. Zabbix is freely available under
the terms of the GNU General Public License (GPL).
PR: ports/54565
Submitted by: Sergey Akifyev <asa@gascom.ru>