Debian LTS Advisory ([SECURITY] [DLA 1145-1] zoneminder security update)

Multiple vulnerabilities have been found in zoneminder. This update fixes only a serious file disclosure vulnerability (CVE-2017-5595).

zoneminder on Debian Linux

This check tests the installed software version using the apt package manager.

The application has been found to suffer from many other problems such as SQL injection vulnerabilities, cross-site scripting issues, cross-site request forgery, session fixation vulnerability. Due to the amount of issues and to the relative invasiveness of the relevant patches, those issues will not be fixed in Wheezy. We thus advise you to restrict access to zoneminder to trusted users only. If you want to review the list of ignored issues, you can check the referenced security tracker. We recommend that you upgrade your zoneminder packages.