Описание
Security update for zabbix
This update for zabbix fixes the following issues:
Updated to latest release 4.0.50:
- CVE-2023-32727: Fixed potential arbitrary code execution in icmpping (boo#1218199)
Список пакетов
SUSE Package Hub 15 SP5
zabbix-agent-4.0.50-bp155.3.9.1
zabbix-java-gateway-4.0.50-bp155.3.9.1
zabbix-phpfrontend-4.0.50-bp155.3.9.1
zabbix-proxy-4.0.50-bp155.3.9.1
zabbix-proxy-mysql-4.0.50-bp155.3.9.1
zabbix-proxy-postgresql-4.0.50-bp155.3.9.1
zabbix-proxy-sqlite-4.0.50-bp155.3.9.1
zabbix-server-4.0.50-bp155.3.9.1
zabbix-server-mysql-4.0.50-bp155.3.9.1
zabbix-server-postgresql-4.0.50-bp155.3.9.1
openSUSE Leap 15.5
zabbix-agent-4.0.50-bp155.3.9.1
zabbix-java-gateway-4.0.50-bp155.3.9.1
zabbix-phpfrontend-4.0.50-bp155.3.9.1
zabbix-proxy-4.0.50-bp155.3.9.1
zabbix-proxy-mysql-4.0.50-bp155.3.9.1
zabbix-proxy-postgresql-4.0.50-bp155.3.9.1
zabbix-proxy-sqlite-4.0.50-bp155.3.9.1
zabbix-server-4.0.50-bp155.3.9.1
zabbix-server-mysql-4.0.50-bp155.3.9.1
zabbix-server-postgresql-4.0.50-bp155.3.9.1
Ссылки
- E-Mail link for openSUSE-SU-2023:0418-1
- SUSE Security Ratings
- SUSE Bug 1218199
- SUSE CVE CVE-2023-32727 page
Описание
An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.
Затронутые продукты
SUSE Package Hub 15 SP5:zabbix-agent-4.0.50-bp155.3.9.1
SUSE Package Hub 15 SP5:zabbix-java-gateway-4.0.50-bp155.3.9.1
SUSE Package Hub 15 SP5:zabbix-phpfrontend-4.0.50-bp155.3.9.1
SUSE Package Hub 15 SP5:zabbix-proxy-4.0.50-bp155.3.9.1
Ссылки
- CVE-2023-32727
- SUSE Bug 1218199