vulnerabilities zabbix

  • Thomas51
    Junior Member
    • Oct 2024
    • 19

    #1

    Hello,
    I just saw that several security vulnerabilities have been published for Zabbix. I have version 7.0. How can I update it to fix the vulnerabilities?




    I tested the following commands:
    wget https://repo.zabbix.com/zabbix/7.0/d...bian12_all.deb
    dpkg -i zabbix-release_latest+debian12_all.deb
    apt update
    apt install --only-upgrade zabbix-server-mysql zabbix-frontend-php zabbix-agent
    But it says everything is up to date...

    How can I fix the security vulnerabilities?
    Last edited by Thomas51; 04-12-2024, 11:08.
  • cyber
    Senior Member
    Zabbix Certified Specialist, Zabbix Certified Professional
    • Dec 2006
    • 4806

    #2
    What minor version of 7 do you have? The article mentions 7.0.0 and an upgrade to 7.0.1rc1, but if you have something higher, it should be fixed there already...


    • Thomas51
      Junior Member
      • Oct 2024
      • 19

      #3
      I have version 7.0.5, but I've had this version for 2 weeks. What do you think?
      Another article mentions Zabbix versions 7.0.x prior to 7.0.4rc1, and I'm not sure if I'm affected since I'm not on rc1.
      Last edited by Thomas51; 04-12-2024, 12:48.


      • cyber
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Dec 2006
        • 4806

        #4
        You have 7.0.5, which is later than 7.0.4rc1...



        • Thomas51
          Thomas51 commented
          Thank you, this also concerns the agents, they are in 6.4.?
      • cyber
        Senior Member
        Zabbix Certified Specialist, Zabbix Certified Professional
        • Dec 2006
        • 4806

        #5
        Why do I need to quote the text that is on the page you linked?
        Zabbix said three product versions are affected and should be upgraded to the latest available:
        • 6.0.0…6.0.31
        • 6.4.0…6.4.16
        • 7.0.0

        Upgrading to versions 6.0.32rc1, 6.4.17rc1, and 7.0.1rc1 respectively will protect users from the privilege escalation attacks.
        The mentioned fixed rc1 versions (release candidate 1) already came out in July.
        Any later version is also safe... Currently, as of 5th of December 2024, the latest versions are 6.0.36, 6.4.20, 7.0.6, which already came out on 19-20 of November... Before that article was written...
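
The version comparison worked through in posts #3 to #5, as an added example that is not part of the original thread or of Zabbix itself: it orders release strings so that an rc sorts before the final release with the same number, then checks an installed version against the first fixed release of its branch. The fixed versions are the ones quoted in post #5; the function names and the alpha < beta < rc < final ordering are assumptions of this sketch.

```python
import re

# First fixed release per branch, as quoted in post #5 of this thread.
FIXED_IN = {"6.0": "6.0.32rc1", "6.4": "6.4.17rc1", "7.0": "7.0.1rc1"}

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:(alpha|beta|rc)(\d+))?$")
# Assumption: pre-release stages sort before the final release of the same x.y.z.
_STAGE_RANK = {"alpha": 0, "beta": 1, "rc": 2, None: 3}


def parse_version(text):
    """Turn a string such as '7.0.4rc1' into a tuple that sorts in release order."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, stage, stage_no = m.groups()
    # Numeric fields compare as integers, so 7.0.10 sorts after 7.0.9.
    return (int(major), int(minor), int(patch),
            _STAGE_RANK[stage], int(stage_no or 0))


def is_fixed(installed, fixed_in=FIXED_IN):
    """True if `installed` is at or after the first fixed release of its branch.

    Raises KeyError for a branch missing from the table, so an unknown
    branch is never silently reported as safe.
    """
    v = parse_version(installed)
    branch = f"{v[0]}.{v[1]}"
    return v >= parse_version(fixed_in[branch])


if __name__ == "__main__":
    # Constructed sample inventory: one server and a few agent versions.
    for ver in ("7.0.5", "7.0.0", "6.4.16", "6.4.17rc1", "6.0.36"):
        print(ver, "fixed" if is_fixed(ver) else "AFFECTED")
    # The question from post #3: is 7.0.5 later than 7.0.4rc1?
    print(parse_version("7.0.5") > parse_version("7.0.4rc1"))
```

Package-manager strings that carry an epoch or a distribution revision are rejected with ValueError rather than guessed at, so reduce them to the plain x.y.z form first.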
