MIRACLE ZBX 2.0.13-1
MIRACLE ZBX 2.0.13-1
2014/11/07
- アクション時に、スクリプトタイプのメディアを使用したアクションを実行する場合、『`』、『$』、『~』、『@』などの特殊文字がエスケープさ れずに /bin/sh へ渡されるため、アクションの文面にこれらの特殊文字が存在する場合にコマンドインジェクトされる可能性のあった問題を修正 (ZBX-4529)
- コマンドインジェクトされた場合は、zabbix-server を実行しているマシンにおいて zabbix ユーザー権限で任意のコマンドが実行可能になります。
- {ITEM.VALUE} などのマクロを使用した外部からの入力をアクションの文面に表示される設定をしていない場合は、外部からコマンドインジェクトされる可能性はありません。
- パッケージバージョン表記を "zabbix-2.0.13-1ML6.x86_64.rpm" を "zabbix-2.0.13-1.ML6.x86_64.rpm" のように、OS 名の前に "." を入れる形式へ変更
- ZBX-4800 の変更を同じく適用し、org-json-2010-12-28.jar を android-json-4.3_r3.1.jar へ差し替え
- MIRACLE ZBX のベースとしているソフトウェアを Zabbix 2.0.13 へアップデート
- 変更内容は以下 Changelog からの引用を参照
New features in 2.0.13:
[ZBX-1357] updated Slovak and Ukrainian translations; thanks to Zabbix translators (Richlv)
Bug fixes in 2.0.13:
[ZBX-3407] fixed NVPS query to not fail on DB2 (Krists)
[ZBX-8646] added a warning on UNIX/GNU/Linux platforms if logrt[] directory has no 'execute' permission (Andris)
[ZBX-8629] fixed crash in get_string() function when checking "Database monitor" items (asaveljevs)
[ZBX-4800] replaced JSON.org library with Android JSON library; thanks to Volker Fröhlich for legal research (asaveljevs)
[ZBX-6229] removed pretty formatting from Java gateway JSON responses (asaveljevs)
[ZBX-4800] fixed typo in item name in "Template JMX Generic": "mpTenured" -> "mp Tenured" (asaveljevs)
[ZBX-8608] added support of IP masks for action conditions (Sasha)
[ZBX-8151] fixed XXE vulnerability on XML import using obsolete libxml versions; thanks to pnig0s@Freebuf for the report (Andrejs)
[ZBX-8358] fixed overview screen elements being displayed incorrectly after refreshing (Pavels)
[ZBX-8348] fixed processing of LLD triggers; functions in a trigger expression could have incorrect ordering (Sasha)
[ZBX-8343] fixed a bug in binary heap that could cause a slightly inconsistent ordering of elements in the queue (asaveljevs)
[ZBX-8327] fixed possible crash when processing Windows eventlog (wiper)
[ZBX-8188] fixed IPMI items staying supported when sensor data becomes unavailable (asaveljevs, dimir)
[ZBX-7576] when pinging a broadcast address ignore responses from other addresses (wiper)
[ZBX-6531] fixed memory leak in filesystem discovery on AIX systems (Juris)
[ZBX-8241] fixed duplicate display of actions in media type list (Andrejs)
[ZBX-8269] fixed processing of active checks in agent (Andris)
[ZBX-8238] fixed updating agent 'mtime' for logrt[] items; thanks to Yoshinori Komuro for patch (Andris)
[ZBX-7098] improved handling of log file rotation/truncation for logrt[] and log[] items (Andris)
[ZBX-8198] decreased verbosity of Windows agent with DebugLevel=4 (Nikolaj)
[ZBX-7875] fixed wrongly reported system version for Windows 8.1 and Server 2012 R2 (Nikolaj, wiper)
[ZBX-8646] added a warning on UNIX/GNU/Linux platforms if logrt[] directory has no 'execute' permission (Andris)
[ZBX-8629] fixed crash in get_string() function when checking "Database monitor" items (asaveljevs)
[ZBX-4800] replaced JSON.org library with Android JSON library; thanks to Volker Fröhlich for legal research (asaveljevs)
[ZBX-6229] removed pretty formatting from Java gateway JSON responses (asaveljevs)
[ZBX-4800] fixed typo in item name in "Template JMX Generic": "mpTenured" -> "mp Tenured" (asaveljevs)
[ZBX-8608] added support of IP masks for action conditions (Sasha)
[ZBX-8151] fixed XXE vulnerability on XML import using obsolete libxml versions; thanks to pnig0s@Freebuf for the report (Andrejs)
[ZBX-8358] fixed overview screen elements being displayed incorrectly after refreshing (Pavels)
[ZBX-8348] fixed processing of LLD triggers; functions in a trigger expression could have incorrect ordering (Sasha)
[ZBX-8343] fixed a bug in binary heap that could cause a slightly inconsistent ordering of elements in the queue (asaveljevs)
[ZBX-8327] fixed possible crash when processing Windows eventlog (wiper)
[ZBX-8188] fixed IPMI items staying supported when sensor data becomes unavailable (asaveljevs, dimir)
[ZBX-7576] when pinging a broadcast address ignore responses from other addresses (wiper)
[ZBX-6531] fixed memory leak in filesystem discovery on AIX systems (Juris)
[ZBX-8241] fixed duplicate display of actions in media type list (Andrejs)
[ZBX-8269] fixed processing of active checks in agent (Andris)
[ZBX-8238] fixed updating agent 'mtime' for logrt[] items; thanks to Yoshinori Komuro for patch (Andris)
[ZBX-7098] improved handling of log file rotation/truncation for logrt[] and log[] items (Andris)
[ZBX-8198] decreased verbosity of Windows agent with DebugLevel=4 (Nikolaj)
[ZBX-7875] fixed wrongly reported system version for Windows 8.1 and Server 2012 R2 (Nikolaj, wiper)
