openSUSE-SU-2022:0036-1

Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:0036-1.json
JSON Data
https://api.osv.dev/v1/vulns/openSUSE-SU-2022:0036-1
Published
2022-02-16T09:04:51Z
Modified
2022-02-16T09:04:51Z
Summary
Security update for zabbix
Details

This update for zabbix fixes the following issues:

  • Updated to latest release 4.0.37.

Security issues fixed:

  • CVE-2022-23134: Fixed possible view of the setup pages by unauthenticated users if config file already exists (boo#1194681).
  • CVE-2021-27927: Fixed CSRF protection mechanism inside CControllerAuthenticationUpdate controller (boo#1183014).
  • CVE-2020-15803: Fixed stored XSS in the URL Widget (boo#1174253).

Bugfixes:

  • boo#1181400: Added hardening to systemd service(s)
  • boo#1144018: Restructured for easier maintenance because of FATE#324346

Affected packages

openSUSE:Leap 15.3 / zabbix

Package

Name
zabbix
Purl
pkg:rpm/opensuse/zabbix&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.0.37-lp153.2.3.1

Ecosystem specific

{
    "binaries": [
        {
            "zabbix-java-gateway": "4.0.37-lp153.2.3.1",
            "zabbix-proxy-postgresql": "4.0.37-lp153.2.3.1",
            "zabbix-agent": "4.0.37-lp153.2.3.1",
            "zabbix-server-postgresql": "4.0.37-lp153.2.3.1",
            "zabbix-proxy-mysql": "4.0.37-lp153.2.3.1",
            "zabbix-proxy-sqlite": "4.0.37-lp153.2.3.1",
            "zabbix-server-mysql": "4.0.37-lp153.2.3.1",
            "zabbix-server": "4.0.37-lp153.2.3.1",
            "zabbix-phpfrontend": "4.0.37-lp153.2.3.1",
            "zabbix-proxy": "4.0.37-lp153.2.3.1"
        }
    ]
}