openSUSE-SU-2023:0419-1

Published: 27 Dec 2023
Source: suse-cvrf

Description

Security update for zabbix

This update for zabbix fixes the following issues:

Updated to latest release 4.0.50:

  • CVE-2023-32727: Fixed potential arbitrary code execution in icmpping (boo#1218199)

Package list

SUSE Package Hub 15 SP4
zabbix-agent-4.0.50-bp154.2.9.1
zabbix-java-gateway-4.0.50-bp154.2.9.1
zabbix-phpfrontend-4.0.50-bp154.2.9.1
zabbix-proxy-4.0.50-bp154.2.9.1
zabbix-proxy-mysql-4.0.50-bp154.2.9.1
zabbix-proxy-postgresql-4.0.50-bp154.2.9.1
zabbix-proxy-sqlite-4.0.50-bp154.2.9.1
zabbix-server-4.0.50-bp154.2.9.1
zabbix-server-mysql-4.0.50-bp154.2.9.1
zabbix-server-postgresql-4.0.50-bp154.2.9.1
openSUSE Leap 15.4
zabbix-agent-4.0.50-bp154.2.9.1
zabbix-java-gateway-4.0.50-bp154.2.9.1
zabbix-phpfrontend-4.0.50-bp154.2.9.1
zabbix-proxy-4.0.50-bp154.2.9.1
zabbix-proxy-mysql-4.0.50-bp154.2.9.1
zabbix-proxy-postgresql-4.0.50-bp154.2.9.1
zabbix-proxy-sqlite-4.0.50-bp154.2.9.1
zabbix-server-4.0.50-bp154.2.9.1
zabbix-server-mysql-4.0.50-bp154.2.9.1
zabbix-server-postgresql-4.0.50-bp154.2.9.1

Description

An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server.


Affected products
SUSE Package Hub 15 SP4:zabbix-agent-4.0.50-bp154.2.9.1
SUSE Package Hub 15 SP4:zabbix-java-gateway-4.0.50-bp154.2.9.1
SUSE Package Hub 15 SP4:zabbix-phpfrontend-4.0.50-bp154.2.9.1
SUSE Package Hub 15 SP4:zabbix-proxy-4.0.50-bp154.2.9.1

References