Several security issues were fixed in ZoneMinder.
Software Description:
- zoneminder: video camera security and surveillance solution
Details:
It was discovered that ZoneMinder was not properly sanitizing URL
parameters for certain views. An attacker could possibly use this issue to
perform a cross-site scripting (XSS) attack. This issue was only fixed in
Ubuntu 16.04 ESM. (CVE-2019-6777)
It was discovered that ZoneMinder was not properly sanitizing stored user
input later printed to the user in certain views. An attacker could
possibly use this issue to perform a cross-site scripting (XSS) attack.
This issue was only fixed in Ubuntu 16.04 ESM. (CVE-2019-6990,
CVE-2019-6992)
It was discovered that ZoneMinder was not properly limiting data size and
not properly performing bound checks when processing username and password
data, which could lead to a stack buffer overflow. An attacker could
possibly use this issue to bypass authentication, cause a denial of
...
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS: zoneminder 1.36.12+dfsg1-1ubuntu0.1~esm1 Ubuntu 20.04 LTS: zoneminder 1.32.3-2ubuntu2+esm1 Ubuntu 16.04 ESM: zoneminder 1.29.0+dfsg-1ubuntu2+esm1 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-5889-1
CVE-2019-6777, CVE-2019-6990, CVE-2019-6991, CVE-2019-6992,
CVE-2019-7325, CVE-2019-7326, CVE-2019-7327, CVE-2019-7328,
CVE-2019-7329, CVE-2019-7330, CVE-2019-7331, CVE-2019-7332,
CVE-2022-29806
Get the latest Linux and open source security news straight to your inbox.