Description
Security update for zabbix
This update for zabbix fixes the following issues:
- CVE-2022-43515: The X-Forwarded-For header is active by default, which allows access to Zabbix sites in maintenance mode (bsc#1206083).
Package list
SUSE Linux Enterprise Server 12 SP3-BCL
zabbix-agent-4.0.12-4.21.1
SUSE Linux Enterprise Server 12 SP4-LTSS
zabbix-agent-4.0.12-4.21.1
SUSE Linux Enterprise Server 12 SP5
zabbix-agent-4.0.12-4.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
zabbix-agent-4.0.12-4.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
zabbix-agent-4.0.12-4.21.1
SUSE OpenStack Cloud 9
zabbix-agent-4.0.12-4.21.1
SUSE OpenStack Cloud Crowbar 9
zabbix-agent-4.0.12-4.21.1
References
- Link for SUSE-SU-2022:4477-1
- E-Mail link for SUSE-SU-2022:4477-1
- SUSE Security Ratings
- SUSE Bug 1206083
- SUSE CVE CVE-2022-43515 page
Description
Zabbix Frontend provides a feature that allows admins to maintain the installation and ensure that only certain IP addresses can access it. In this way, users will not be able to access the Zabbix Frontend while it is being maintained, and possibly sensitive data will be prevented from being disclosed. An attacker can bypass this protection and access the instance using an IP address not listed in the defined range.
Affected products
SUSE Linux Enterprise Server 12 SP3-BCL:zabbix-agent-4.0.12-4.21.1
SUSE Linux Enterprise Server 12 SP4-LTSS:zabbix-agent-4.0.12-4.21.1
SUSE Linux Enterprise Server 12 SP5:zabbix-agent-4.0.12-4.21.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4:zabbix-agent-4.0.12-4.21.1
References
- CVE-2022-43515
- SUSE Bug 1206083