
Ubuntu 20.04 LTS: USN-6751-1 Severe: Zabbix XSS Attack Mitigation

ubuntu
April 25, 2024
Discover Zabbix vulnerabilities impacting Ubuntu 20.04 LTS with updates to mitigate XSS attacks in USN-6751-1.
Zabbix could allow reflected cross-site scripting (XSS) attacks.

Summary

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS (Available with Ubuntu Pro)
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
- Ubuntu 14.04 LTS (Available with Ubuntu Pro)

Summary: Zabbix could allow reflected cross-site scripting (XSS) attacks.

Software Description:

- zabbix: Open-source monitoring software tool for diverse IT components

Details: It was discovered that Zabbix incorrectly handled input data in the discovery and graphs pages. A remote authenticated attacker could possibly use this issue to perform reflected cross-site scripting (XSS) attacks. (CVE-2022-35229, CVE-2022-35230)

Update Instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS (Available with Ubuntu Pro):
  zabbix-agent                    1:4.0.17+dfsg-1ubuntu0.1~esm1
  zabbix-frontend-php             1:4.0.17+dfsg-1ubuntu0.1~esm1
  zabbix-java-gateway             1:4.0.17+dfsg-1ubuntu0.1~esm1
  zabbix-proxy-mysql              1:4.0.17+dfsg-1ubuntu0.1~esm1
  zabbix-proxy-pgsql              1:4.0.17+dfsg-1ubuntu0.1~esm1
  zabbix-proxy-sqlite3            1:4.0.17+dfsg-1ubuntu0.1~esm1
  zabbix-server-mysql             1:4.0.17+dfsg-1ubuntu0.1~esm1
  zabbix-server-pgsql             1:4.0.17+dfsg-1ubuntu0.1~esm1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
  zabbix-agent                    1:3.0.12+dfsg-1ubuntu0.1~esm3
  zabbix-frontend-php             1:3.0.12+dfsg-1ubuntu0.1~esm3
  zabbix-java-gateway             1:3.0.12+dfsg-1ubuntu0.1~esm3
  zabbix-proxy-mysql              1:3.0.12+dfsg-1ubuntu0.1~esm3
  zabbix-proxy-pgsql              1:3.0.12+dfsg-1ubuntu0.1~esm3
  zabbix-proxy-sqlite3            1:3.0.12+dfsg-1ubuntu0.1~esm3
  zabbix-server-mysql             1:3.0.12+dfsg-1ubuntu0.1~esm3
  zabbix-server-pgsql             1:3.0.12+dfsg-1ubuntu0.1~esm3

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
  zabbix-agent                    1:2.4.7+dfsg-2ubuntu2.1+esm3
  zabbix-frontend-php             1:2.4.7+dfsg-2ubuntu2.1+esm3
  zabbix-java-gateway             1:2.4.7+dfsg-2ubuntu2.1+esm3
  zabbix-proxy-mysql              1:2.4.7+dfsg-2ubuntu2.1+esm3
  zabbix-proxy-pgsql              1:2.4.7+dfsg-2ubuntu2.1+esm3
  zabbix-proxy-sqlite3            1:2.4.7+dfsg-2ubuntu2.1+esm3
  zabbix-server-mysql             1:2.4.7+dfsg-2ubuntu2.1+esm3
  zabbix-server-pgsql             1:2.4.7+dfsg-2ubuntu2.1+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
  zabbix-agent                    1:2.2.2+dfsg-1ubuntu1+esm5
  zabbix-frontend-php             1:2.2.2+dfsg-1ubuntu1+esm5
  zabbix-java-gateway             1:2.2.2+dfsg-1ubuntu1+esm5
  zabbix-proxy-mysql              1:2.2.2+dfsg-1ubuntu1+esm5
  zabbix-proxy-pgsql              1:2.2.2+dfsg-1ubuntu1+esm5
  zabbix-proxy-sqlite3            1:2.2.2+dfsg-1ubuntu1+esm5
  zabbix-server-mysql             1:2.2.2+dfsg-1ubuntu1+esm5
  zabbix-server-pgsql             1:2.2.2+dfsg-1ubuntu1+esm5

In general, a standard system update will make all the necessary changes.
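To confirm a host actually carries the fixed packages, the following added example (not part of the Ubuntu notice) compares installed versions against the fixed versions in this advisory, using Debian version ordering re-implemented in Python so it runs without dpkg. The function names and the sample `dpkg-query` output are constructed for illustration.

```python
import re
from itertools import zip_longest

# Fixed versions from the advisory; all listed packages in a release share one version.
FIXED = {"20.04": "1:4.0.17+dfsg-1ubuntu0.1~esm1", "18.04": "1:3.0.12+dfsg-1ubuntu0.1~esm3",
         "16.04": "1:2.4.7+dfsg-2ubuntu2.1+esm3", "14.04": "1:2.2.2+dfsg-1ubuntu1+esm5"}
PACKAGES = set("zabbix-agent zabbix-frontend-php zabbix-java-gateway zabbix-proxy-mysql "
               "zabbix-proxy-pgsql zabbix-proxy-sqlite3 zabbix-server-mysql zabbix-server-pgsql".split())
_RUNS = re.compile(r"(\D*)(\d*)")  # one non-digit run followed by one digit run

def _order(c):
    # dpkg ordering: '~' sorts first, then end-of-run, then letters, then other symbols.
    if c == "~":
        return -1
    if c == "":
        return 0
    return ord(c) if c.isalpha() else ord(c) + 256

def _cmp_part(a, b):
    # Walk alternating non-digit / digit runs the way dpkg compares version parts.
    for (sa, na), (sb, nb) in zip_longest(_RUNS.findall(a), _RUNS.findall(b), fillvalue=("", "")):
        for ca, cb in zip_longest(sa, sb, fillvalue=""):
            if _order(ca) != _order(cb):
                return -1 if _order(ca) < _order(cb) else 1
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def deb_cmp(v1, v2):
    """Return -1, 0 or 1 for Debian version strings [epoch:]upstream[-revision]."""
    def split(v):
        epoch, sep, rest = v.partition(":")
        if not sep:
            epoch, rest = "0", v
        upstream, sep, rev = rest.rpartition("-")
        return (epoch, upstream, rev) if sep else (epoch, rest, "")
    for a, b in zip(split(v1), split(v2)):
        if _cmp_part(a, b):
            return _cmp_part(a, b)
    return 0

def unpatched(release, dpkg_lines):
    """Return (package, installed, fixed) for listed packages older than the fix."""
    rows = (line.split() for line in dpkg_lines.splitlines())
    return [(r[0], r[1], FIXED[release]) for r in rows
            if len(r) == 2 and r[0] in PACKAGES and deb_cmp(r[1], FIXED[release]) < 0]

# Constructed sample of: dpkg-query -W -f='${Package} ${Version}\n' 'zabbix-*'
SAMPLE = "zabbix-agent 1:4.0.17+dfsg-1\nzabbix-frontend-php 1:4.0.17+dfsg-1ubuntu0.1~esm1\n"
print(unpatched("20.04", SAMPLE))
```

The `~esm` suffix is why a plain string comparison is not enough: in Debian ordering `~` sorts before the end of the string, so `1ubuntu0.1~esm1` is older than `1ubuntu0.1`.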

References

https://ubuntu.com/security/notices/USN-6751-1

  CVE-2022-35229, CVE-2022-35230

Severity
critical
