
Debian alert DLA-2914-1 (zabbix)

From:  Sylvain Beucler <beuc@beuc.net>
To:  debian-lts-announce@lists.debian.org
Subject:  [SECURITY] [DLA 2914-1] zabbix security update
Date:  Mon, 07 Feb 2022 22:48:51 +0100
Message-ID:  <20220207214851.GA9514@mail.beuc.net>

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2914-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
February 07, 2022                             https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : zabbix
Version        : 1:3.0.32+dfsg-0+deb9u2
CVE ID         : CVE-2022-23134

Thomas Chauchefoin from SonarSource discovered that in Zabbix, a
server/client network monitoring system, after the initial setup
process, some steps of the setup.php file are reachable not only by
super-administrators, but by unauthenticated users as well. An
attacker could bypass checks and potentially change the configuration
of Zabbix Frontend.

For Debian 9 stretch, this problem has been fixed in version
1:3.0.32+dfsg-0+deb9u2.

We recommend that you upgrade your zabbix packages.

For the detailed security status of zabbix please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/zabbix

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS



