
Ubuntu 20.04 LTS: USN-6751-1 Severe: Zabbix XSS Attack Mitigation

April 25, 2024
Discover Zabbix vulnerabilities impacting Ubuntu 20.04 LTS with updates to mitigate XSS attacks in USN-6751-1.

Summary

Zabbix could allow reflected cross-site scripting (XSS) attacks.

Software Description:

- zabbix: Open-source monitoring software tool for diverse IT components

Details:

It was discovered that Zabbix incorrectly handled input data in the
discovery and graphs pages. A remote authenticated attacker could possibly
use this issue to perform reflected cross-site scripting (XSS) attacks.
(CVE-2022-35229, CVE-2022-35230)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
   zabbix-agent                    1:4.0.17+dfsg-1ubuntu0.1~esm1
   zabbix-frontend-php             1:4.0.17+dfsg-1ubuntu0.1~esm1
   zabbix-java-gateway             1:4.0.17+dfsg-1ubuntu0.1~esm1
   zabbix-proxy-mysql              1:4.0.17+dfsg-1ubuntu0.1~esm1
   zabbix-proxy-pgsql              1:4.0.17+dfsg-1ubuntu0.1~esm1
   zabbix-proxy-sqlite3            1:4.0.17+dfsg-1ubuntu0.1~esm1
   zabbix-server-mysql             1:4.0.17+dfsg-1ubuntu0.1~esm1
   zabbix-server-pgsql             1:4.0.17+dfsg-1ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   zabbix-agent                    1:3.0.12+dfsg-1ubuntu0.1~esm3
   zabbix-frontend-php             1:3.0.12+dfsg-1ubuntu0.1~esm3
   zabbix-java-gateway             1:3.0.12+dfsg-1ubuntu0.1~esm3
   zabbix-proxy-mysql              1:3.0.12+dfsg-1ubuntu0.1~esm3
   zabbix-proxy-pgsql              1:3.0.12+dfsg-1ubuntu0.1~esm3
   zabbix-proxy-sqlite3            1:3.0.12+dfsg-1ubuntu0.1~esm3
   zabbix-server-mysql             1:3.0.12+dfsg-1ubuntu0.1~esm3
   zabbix-server-pgsql             1:3.0.12+dfsg-1ubuntu0.1~esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   zabbix-agent                    1:2.4.7+dfsg-2ubuntu2.1+esm3
   zabbix-frontend-php             1:2.4.7+dfsg-2ubuntu2.1+esm3
   zabbix-java-gateway             1:2.4.7+dfsg-2ubuntu2.1+esm3
   zabbix-proxy-mysql              1:2.4.7+dfsg-2ubuntu2.1+esm3
   zabbix-proxy-pgsql              1:2.4.7+dfsg-2ubuntu2.1+esm3
   zabbix-proxy-sqlite3            1:2.4.7+dfsg-2ubuntu2.1+esm3
   zabbix-server-mysql             1:2.4.7+dfsg-2ubuntu2.1+esm3
   zabbix-server-pgsql             1:2.4.7+dfsg-2ubuntu2.1+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   zabbix-agent                    1:2.2.2+dfsg-1ubuntu1+esm5
   zabbix-frontend-php             1:2.2.2+dfsg-1ubuntu1+esm5
   zabbix-java-gateway             1:2.2.2+dfsg-1ubuntu1+esm5
   zabbix-proxy-mysql              1:2.2.2+dfsg-1ubuntu1+esm5
   zabbix-proxy-pgsql              1:2.2.2+dfsg-1ubuntu1+esm5
   zabbix-proxy-sqlite3            1:2.2.2+dfsg-1ubuntu1+esm5
   zabbix-server-mysql             1:2.2.2+dfsg-1ubuntu1+esm5
   zabbix-server-pgsql             1:2.2.2+dfsg-1ubuntu1+esm5

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6751-1

  CVE-2022-35229, CVE-2022-35230

Severity
critical
