{"id":"MGASA-2014-0433","summary":"Updated zabbix package fixes security vulnerability","details":"It was reported that the Zabbix frontend supported an XML data import feature,\nwhere on the server it used DOMDocument to parse the XML.  By default,\nDOMDocument also parses the external DTD, which could allow a remote attacker\nto use a crafted XML file causing Zabbix to read an arbitrary local file, and\nsend the contents of the specified file to a remote server (CVE-2014-3005).\n","modified":"2026-04-16T01:46:41.915425139Z","published":"2014-10-29T11:30:40Z","upstream":["CVE-2014-3005"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0433.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13628"},{"type":"WEB","url":"https://support.zabbix.com/browse/ZBX-8151"},{"type":"WEB","url":"http://www.zabbix.com/rn2.0.12.php"},{"type":"WEB","url":"http://www.zabbix.com/rn2.0.13.php"},{"type":"WEB","url":"https://lists.fedoraproject.org/pipermail/package-announce/2014-June/134885.html"}],"affected":[{"package":{"name":"zabbix","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/zabbix?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.13-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0433.json"}},{"package":{"name":"zabbix","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/zabbix?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.0.13-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0433.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}