Alerts This Week
Warning Icon 1 540
Alerts This Week
Warning Icon 1 540

openSUSE: 2023-0191-1 Moderate: Zabbix Security Update for Backports

opensuse
Calendar Grey July 25, 2023
Dist Opensuse Esm H88
This notification pertains to a significant security concern in Zabbix for openSUSE clientele. Discover additional details regarding the enhancements made.
An update that fixes one vulnerability is now available

Description

This update for zabbix fixes the following issues:

Updated to latest release 4.0.47, this version fixes CVE-2023-29454

(boo#1213338):

- New Features and Improvements

+ ZBXNEXT-7694 Added "utf8mb3" character set support for MySQL database

+ ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek,

Indonesian, Romanian, Spanish and Vietnamese languages in frontend

- Bug Fixes

+ ZBX-22987 Fixed inefficient URL schema validation

+ ZBX-22688 Fixed AlertScriptPath not allowing links

+ ZBX-22386 Fixed encoding of HTML entities in the user interface

+ ZBX-22858 Fixed xss vulnerability in graph item properties

+ ZBX-22859 Fixed validation of input parameters in action configuration

form

+ ZBX-22622 Fixed alert script path validation

+ ZBX-22520 Fixed versions of integrations

+ ZBX-22026 Fixed SNMP agent item going to unsupported state on NULL

result

+ ZBX-22050 Fixed spoofing X-Forwarded-For...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security fix openSUSE Zabbix backports

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP5:

zypper in -t patch openSUSE-2023-191=1

- openSUSE Backports SLE-15-SP4:

zypper in -t patch openSUSE-2023-191=1

Package List

- openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64):

zabbix-agent-4.0.47-bp155.3.3.1

zabbix-agent-debuginfo-4.0.47-bp155.3.3.1

zabbix-debuginfo-4.0.47-bp155.3.3.1

zabbix-debugsource-4.0.47-bp155.3.3.1

zabbix-java-gateway-4.0.47-bp155.3.3.1

zabbix-phpfrontend-4.0.47-bp155.3.3.1

zabbix-proxy-4.0.47-bp155.3.3.1

zabbix-proxy-mysql-4.0.47-bp155.3.3.1

zabbix-proxy-mysql-debuginfo-4.0.47-bp155.3.3.1

zabbix-proxy-postgresql-4.0.47-bp155.3.3.1

zabbix-proxy-postgresql-debuginfo-4.0.47-bp155.3.3.1

zabbix-proxy-sqlite-4.0.47-bp155.3.3.1

zabbix-proxy-sqlite-debuginfo-4.0.47-bp155.3.3.1

zabbix-server-4.0.47-bp155.3.3.1

zabbix-server-debuginfo-4.0.47-bp155.3.3.1

zabbix-server-mysql-4.0.47-bp155.3.3.1

zabbix-server-mysql-debuginfo-4.0.47-bp155.3.3.1

zabbix-server-postgresql-4.0.47-bp155.3.3.1

zabbix-server-postgresql-debuginfo-4.0.47-bp155.3.3.1

- openSUSE Backports SLE-15-SP4 (aarch64 i586 ppc64le s390x x86_64):

zabbix-agent-4.0.47-bp154.2.3.1

zabbix-java-gateway-4.0.47-bp154.2.3.1

zabbix-phpfrontend-4.0.47...

Read the Full Advisory

References

https://www.suse.com/security/cve/CVE-2023-29454.html

https://bugzilla.suse.com/1213338

Announcement ID: openSUSE-SU-2023:0191-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP4 openSUSE Backports SLE-15-SP5 .

Topics%20covered

Topics Covered

security advisory security fix openSUSE Zabbix backports

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here