summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
Commit message (Collapse)AuthorAgeFilesLines
* zabbix: fix CVE-2023-32726 and CVE-2023-32727Yogita Urade2024-02-071-0/+3
| | | | | | | | | | | | | | | | | | | | | | CVE-2023-32726: The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server. CVE-2023-32727: An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. Refernces: https://nvd.nist.gov/vuln/detail/CVE-2023-32726 https://security-tracker.debian.org/tracker/CVE-2023-32726 https://nvd.nist.gov/vuln/detail/CVE-2023-32727 https://security-tracker.debian.org/tracker/CVE-2023-32727 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* zabbix: fix CVE-2023-29450Urade, Yogita2023-08-031-0/+1
| | | | | | | | | | | | | JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. Reference: https://support.zabbix.com/browse/ZBX-22588 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* zabbix: fix CVE-2023-29449Urade, Yogitag2023-08-031-0/+1
| | | | | | | | | | | | | | | | | JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access. References: https://support.zabbix.com/browse/ZBX-22589 Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* zabbix: fix CVE-2023-29451Changqing Li2023-04-281-0/+1
| | | | | | | Refer: https://support.zabbix.com/browse/ZBX-22587 Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* zabbix: fix CVE-2022-43515,CVE-2022-46768Changqing Li2023-01-121-0/+2
| | | | | Signed-off-by: Changqing Li <changqing.li@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
* zabbix: upgrade 5.2.6 -> 5.4.12Changqing Li2022-07-181-0/+79
This upgrade CVE fix: CVE-2022-24349 CVE-2022-24917 CVE-2022-24918 CVE-2022-24919 Signed-off-by: Changqing Li <changqing.li@windriver.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-08-07 23:34:20 +0000