Описание
Security update for zabbix
This update for zabbix fixes the following issues:
- CVE-2024-42333: Fixed buffer over-read for broken UTF8 mail data injection. (bsc#1233834)
- CVE-2024-22117: Fixed a bug that can cause the map element to crash when new URLs are added. (bsc#1233791)
Список пакетов
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
zabbix-agent-4.0.12-4.32.1
Ссылки
- Link for SUSE-SU-2025:02746-1
- E-Mail link for SUSE-SU-2025:02746-1
- SUSE Security Ratings
- SUSE Bug 1233791
- SUSE Bug 1233834
- SUSE CVE CVE-2024-22117 page
- SUSE CVE CVE-2024-42333 page
Описание
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element.
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.32.1
Ссылки
- CVE-2024-22117
- SUSE Bug 1233791
Описание
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c
Затронутые продукты
SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.32.1
Ссылки
- CVE-2024-42333
- SUSE Bug 1233834