openSUSE-SU-2022:0036-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:0036-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2022:0036-1
Related
Published
2022-02-16T09:04:51Z
Modified
2022-02-16T09:04:51Z
Summary
Security update for zabbix
Details

This update for zabbix fixes the following issues:

  • Updated to latest realease 4.0.37.

Security issues fixed:

  • CVE-2022-23134: Fixed possible view of the setup pages by unauthenticated users if config file already exists (boo#1194681).
  • CVE-2021-27927: Fixed CSRF protection mechanism inside CControllerAuthenticationUpdate controller (boo#1183014).
  • CVE-2020-15803: Fixed stored XSS in the URL Widget (boo#1174253).

Bugfixes:

  • boo#1181400: Added hardening to systemd service(s)
  • boo#1144018: Restructured for easier maintenance because FATE#324346
References

Affected packages

openSUSE:Leap 15.3 / zabbix

Package

Name
zabbix
Purl
pkg:rpm/opensuse/zabbix&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.37-lp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "zabbix-java-gateway": "4.0.37-lp153.2.3.1",
            "zabbix-proxy-postgresql": "4.0.37-lp153.2.3.1",
            "zabbix-agent": "4.0.37-lp153.2.3.1",
            "zabbix-server-postgresql": "4.0.37-lp153.2.3.1",
            "zabbix-proxy-mysql": "4.0.37-lp153.2.3.1",
            "zabbix-proxy-sqlite": "4.0.37-lp153.2.3.1",
            "zabbix-server-mysql": "4.0.37-lp153.2.3.1",
            "zabbix-server": "4.0.37-lp153.2.3.1",
            "zabbix-phpfrontend": "4.0.37-lp153.2.3.1",
            "zabbix-proxy": "4.0.37-lp153.2.3.1"
        }
    ]
}