openSUSE-SU-2023:0191-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2023:0191-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2023:0191-1
Related
Published
2023-07-24T22:01:47Z
Modified
2023-07-24T22:01:47Z
Summary
Security update for zabbix
Details

This update for zabbix fixes the following issues:

Updated to latest release 4.0.47, this version fixes CVE-2023-29454 (boo#1213338):

  • New Features and Improvements
    • ZBXNEXT-7694 Added 'utf8mb3' character set support for MySQL database
    • ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian, Romanian, Spanish and Vietnamese languages in frontend
  • Bug Fixes
    • ZBX-22987 Fixed inefficient URL schema validation
    • ZBX-22688 Fixed AlertScriptPath not allowing links
    • ZBX-22386 Fixed encoding of HTML entities in the user interface
    • ZBX-22858 Fixed xss vulnerability in graph item properties
    • ZBX-22859 Fixed validation of input parameters in action configuration form
    • ZBX-22622 Fixed alert script path validation
    • ZBX-22520 Fixed versions of integrations
    • ZBX-22026 Fixed SNMP agent item going to unsupported state on NULL result
    • ZBX-22050 Fixed spoofing X-Forwarded-For request header allowing to access Zabbix frontend in maintenance mode
    • ZBX-21416 Fixed check now not working on calculated items, aggregate checks and some internal items
    • ZBX-21449 Fixed accessibility attributes
    • ZBX-21306 Fixed xss in discovery rules
    • ZBX-21305 Fixed xss in graph
    • ZBX-20600 Fixed vmware hv.datastore.latency item when multiple datastores with duplicate name
    • ZBX-20844 Fixed external check becoming unsupported when Zabbix server or Zabbix proxy is stopped
    • ZBX-19789 Added SourceIP support to ldap simple checks
    • ZBX-20680 Fixed reflected XSS issues
    • ZBX-20387 Fixed default language of the setup routine for logged in superadmin users
    • ZBX-19652 Fixed JavaScript syntax for Internet Explorer 11 compatibility
References

Affected packages

SUSE:Package Hub 15 SP4 / zabbix

Package

Name
zabbix
Purl
pkg:rpm/suse/zabbix&distro=SUSE%20Package%20Hub%2015%20SP4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.47-bp155.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "zabbix-java-gateway": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-postgresql": "4.0.47-bp155.3.3.1",
            "zabbix-agent": "4.0.47-bp155.3.3.1",
            "zabbix-server-postgresql": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-mysql": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-sqlite": "4.0.47-bp155.3.3.1",
            "zabbix-server-mysql": "4.0.47-bp155.3.3.1",
            "zabbix-server": "4.0.47-bp155.3.3.1",
            "zabbix-phpfrontend": "4.0.47-bp155.3.3.1",
            "zabbix-proxy": "4.0.47-bp155.3.3.1"
        }
    ]
}

SUSE:Package Hub 15 SP5 / zabbix

Package

Name
zabbix
Purl
pkg:rpm/suse/zabbix&distro=SUSE%20Package%20Hub%2015%20SP5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.47-bp155.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "zabbix-java-gateway": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-postgresql": "4.0.47-bp155.3.3.1",
            "zabbix-agent": "4.0.47-bp155.3.3.1",
            "zabbix-server-postgresql": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-mysql": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-sqlite": "4.0.47-bp155.3.3.1",
            "zabbix-server-mysql": "4.0.47-bp155.3.3.1",
            "zabbix-server": "4.0.47-bp155.3.3.1",
            "zabbix-phpfrontend": "4.0.47-bp155.3.3.1",
            "zabbix-proxy": "4.0.47-bp155.3.3.1"
        }
    ]
}

openSUSE:Leap 15.4 / zabbix

Package

Name
zabbix
Purl
pkg:rpm/opensuse/zabbix&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.47-bp155.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "zabbix-java-gateway": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-postgresql": "4.0.47-bp155.3.3.1",
            "zabbix-agent": "4.0.47-bp155.3.3.1",
            "zabbix-server-postgresql": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-mysql": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-sqlite": "4.0.47-bp155.3.3.1",
            "zabbix-server-mysql": "4.0.47-bp155.3.3.1",
            "zabbix-server": "4.0.47-bp155.3.3.1",
            "zabbix-phpfrontend": "4.0.47-bp155.3.3.1",
            "zabbix-proxy": "4.0.47-bp155.3.3.1"
        }
    ]
}

openSUSE:Leap 15.5 / zabbix

Package

Name
zabbix
Purl
pkg:rpm/opensuse/zabbix&distro=openSUSE%20Leap%2015.5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.47-bp155.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "zabbix-java-gateway": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-postgresql": "4.0.47-bp155.3.3.1",
            "zabbix-agent": "4.0.47-bp155.3.3.1",
            "zabbix-server-postgresql": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-mysql": "4.0.47-bp155.3.3.1",
            "zabbix-proxy-sqlite": "4.0.47-bp155.3.3.1",
            "zabbix-server-mysql": "4.0.47-bp155.3.3.1",
            "zabbix-server": "4.0.47-bp155.3.3.1",
            "zabbix-phpfrontend": "4.0.47-bp155.3.3.1",
            "zabbix-proxy": "4.0.47-bp155.3.3.1"
        }
    ]
}