Zabbix Apache/MySQLvulnerability mitigation?

theseandavis

Junior Member

Joined: Jul 2023

Posts: 1
#1

Zabbix Apache/MySQLvulnerability mitigation?

07-07-2023, 19:21

Hi there,

First post here. We notice that the official Zabbix repositories do not offer Zabbix 6.4.4 with an Apache version greater than 2.4.37 . This version has a number of vulnerabilities (eg https://cve.report/CVE-2023-25690 with CVSS score of 9.8) and as we allow our front-end to be public-facing we want to patch this. Is it supported to run newer versions of Apache and mysql beyond those in the official repo? If not, when are these vulnerabilities going to be addressed?
Tags: None
Atsushi

Senior Member

Joined: Aug 2013

Posts: 2028
#2

10-07-2023, 07:18

There are no packages for Apache HTTP Server or MySQL in Zabbix official repository. Find out where the repository you are using is located and contact the organization or company that maintains that repository.
For example, if you are using RHEL, it seems that a package corresponding to CVE-2023-25690 has been released.

cve-details

https://access.redhat.com/security/cve/cve-2023-25690
Comment

Ad Widget