Debian Security Advisory DSA 1420-1 (zabbix)

The remote host is missing an update to zabbix announced via advisory DSA 1420-1.
Bas van Schaik discovered that the agentd process of Zabbix, a network monitor system, may run user-supplied commands as group id root, not zabbix, which may lead to a privilege escalation. For the stable distribution (etch), this problem has been fixed in version 1:1.1.4-10etch1 zabbix is not included in the oldstable distribution (sarge). We recommend that you upgrade your zabbix packages.