Your message dated Wed, 29 Jan 2025 09:10:37 +0000
with message-id <e1td45l-006jcg...@fasolo.debian.org>
and subject line Bug#1090030: fixed in zabbix 1:7.0.9+dfsg-1
has caused the Debian Bug report #1090030,
regarding zabbix: CVE-2024-36464
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1090030: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090030
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: zabbix
X-Debbugs-CC: t...@security.debian.org
Severity: grave
Tags: security

Hi,

The following vulnerabilities were published for zabbix.

CVE-2024-36464[0]:
| When exporting media types, the password is exported in the YAML in
| plain text. This appears to be a best practices type issue and may
| have no actual impact. The user would need to have permissions to
| access the media types and therefore would be expected to have
| access to these passwords.

https://support.zabbix.com/browse/ZBX-25630

CVE-2024-36467[1]:
| An authenticated user with API access (e.g.: user with default User
| role), more specifically a user with access to the user.update API
| endpoint is enough to be able to add themselves to any group (e.g.:
| Zabbix Administrators), except to groups that are disabled or having
| restricted GUI access.

https://support.zabbix.com/browse/ZBX-25614

CVE-2024-36468[2]:
| The reported vulnerability is a stack buffer overflow in the
| zbx_snmp_cache_handle_engineid function within the Zabbix
| server/proxy code. This issue occurs when copying data from
| session->securityEngineID to local_record.engineid without proper
| bounds checking.

https://support.zabbix.com/browse/ZBX-25621

CVE-2024-42326[3]:
| There was discovered a use after free bug in browser.c in the
| es_browser_get_variant function

https://support.zabbix.com/browse/ZBX-25622

CVE-2024-42327[4]:
| A non-admin user account on the Zabbix frontend with the default
| User role, or with any other role that gives API access can exploit
| this vulnerability. An SQLi exists in the CUser class in the
| addRelatedObjects function, this function is being called from the
| CUser.get function which is available for every user who has API
| access.

https://support.zabbix.com/browse/ZBX-25623

CVE-2024-42328[5]:
| When the webdriver for the Browser object downloads data from an HTTP
| server, the data pointer is set to NULL and is allocated only in
| curl_write_cb when receiving data. If the server's response is an
| empty document, then wd->data in the code below will remain NULL and
| an attempt to read from it will result in a crash.

https://support.zabbix.com/browse/ZBX-25624

CVE-2024-42329[6]:
| The webdriver for the Browser object expects an error object to be
| initialized when the webdriver_session_query function fails. But
| this function can fail for various reasons without an error
| description and then the wd->error will be NULL and trying to read
| from it will result in a crash.

https://support.zabbix.com/browse/ZBX-25625

CVE-2024-42330[7]:
| The HttpRequest object allows to get the HTTP headers from the
| server's response after sending the request. The problem is that the
| returned strings are created directly from the data returned by the
| server and are not correctly encoded for JavaScript. This allows to
| create internal strings that can be used to access hidden properties
| of objects.

https://support.zabbix.com/browse/ZBX-25626

CVE-2024-42331[8]:
| In the src/libs/zbxembed/browser.c file, the es_browser_ctor method
| retrieves a heap pointer from the Duktape JavaScript engine. This
| heap pointer is subsequently utilized by the browser_push_error
| method in the src/libs/zbxembed/browser_error.c file. A use-after-
| free bug can occur at this stage if the wd->browser heap pointer is
| freed by garbage collection.

https://support.zabbix.com/browse/ZBX-25627

CVE-2024-42332[9]:
| The researcher is showing that due to the way the SNMP trap log is
| parsed, an attacker can craft an SNMP trap with additional lines of
| information and have forged data show in the Zabbix UI. This attack
| requires SNMP auth to be off and/or the attacker to know the
| community/auth details. The attack requires an SNMP item to be
| configured as text on the target host.

https://support.zabbix.com/browse/ZBX-25628

CVE-2024-42333[10]:
| The researcher is showing that it is possible to leak a small amount
| of Zabbix Server memory using an out of bounds read in
| src/libs/zbxmedia/email.c

https://support.zabbix.com/browse/ZBX-25629

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-36464
    https://www.cve.org/CVERecord?id=CVE-2024-36464
[1] https://security-tracker.debian.org/tracker/CVE-2024-36467
    https://www.cve.org/CVERecord?id=CVE-2024-36467
[2] https://security-tracker.debian.org/tracker/CVE-2024-36468
    https://www.cve.org/CVERecord?id=CVE-2024-36468
[3] https://security-tracker.debian.org/tracker/CVE-2024-42326
    https://www.cve.org/CVERecord?id=CVE-2024-42326
[4] https://security-tracker.debian.org/tracker/CVE-2024-42327
    https://www.cve.org/CVERecord?id=CVE-2024-42327
[5] https://security-tracker.debian.org/tracker/CVE-2024-42328
    https://www.cve.org/CVERecord?id=CVE-2024-42328
[6] https://security-tracker.debian.org/tracker/CVE-2024-42329
    https://www.cve.org/CVERecord?id=CVE-2024-42329
[7] https://security-tracker.debian.org/tracker/CVE-2024-42330
    https://www.cve.org/CVERecord?id=CVE-2024-42330
[8] https://security-tracker.debian.org/tracker/CVE-2024-42331
    https://www.cve.org/CVERecord?id=CVE-2024-42331
[9] https://security-tracker.debian.org/tracker/CVE-2024-42332
    https://www.cve.org/CVERecord?id=CVE-2024-42332
[10] https://security-tracker.debian.org/tracker/CVE-2024-42333
    https://www.cve.org/CVERecord?id=CVE-2024-42333

Please adjust the affected versions in the BTS as needed.

--- End Message ---
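The CVE-2024-36468 entry above describes a fixed-size engine ID field being filled from a peer-supplied SNMPv3 securityEngineID without a bounds check. The following C is an added illustration of that bug class and its fix, written for this thread; it is not Zabbix's code, and the struct and function names (engineid_record_t, snmp_session_t, cache_engineid_unchecked, cache_engineid_checked, try_cache) are hypothetical stand-ins for the zbx_snmp_cache_handle_engineid, session->securityEngineID and local_record.engineid identifiers named in the advisory. The 5..32 octet range is the SnmpEngineID size from RFC 3411.

```c
/* Added illustration, not Zabbix code: copying a variable-length SNMPv3
 * engine ID into a fixed-size record field, unchecked versus checked.
 * All names below are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ENGINEID_MIN 5   /* RFC 3411: SnmpEngineID is OCTET STRING (SIZE (5..32)) */
#define ENGINEID_MAX 32

/* Hypothetical record with a fixed-size engine ID buffer, analogous to the
 * local_record.engineid field named in the advisory. */
typedef struct {
    uint8_t engineid[ENGINEID_MAX];
    size_t  engineid_len;
} engineid_record_t;

/* Hypothetical stand-in for the session object carrying the peer-supplied
 * engine ID. The remote peer controls both the bytes and the length. */
typedef struct {
    const uint8_t *securityEngineID;
    size_t         securityEngineIDLen;
} snmp_session_t;

/* Pattern to avoid: the copy length is whatever the peer supplied, so any
 * length above ENGINEID_MAX writes past rec->engineid (a stack buffer
 * overflow when rec is a local). Shown for contrast; never call it with
 * untrusted input. */
void cache_engineid_unchecked(const snmp_session_t *s, engineid_record_t *rec)
{
    memcpy(rec->engineid, s->securityEngineID, s->securityEngineIDLen);
    rec->engineid_len = s->securityEngineIDLen;
}

/* Hardened form: validate the peer-supplied length against the destination
 * size and the protocol minimum before copying. Rejecting (rather than
 * silently truncating) keeps malformed engine IDs out of the cache entirely. */
bool cache_engineid_checked(const snmp_session_t *s, engineid_record_t *rec)
{
    if (s == NULL || rec == NULL || s->securityEngineID == NULL)
        return false;
    if (s->securityEngineIDLen < ENGINEID_MIN ||
        s->securityEngineIDLen > sizeof(rec->engineid))
        return false;
    memcpy(rec->engineid, s->securityEngineID, s->securityEngineIDLen);
    rec->engineid_len = s->securityEngineIDLen;
    return true;
}

/* Constructed sample: a 64-byte buffer whose leading bytes resemble an
 * RFC 3411 engine ID (enterprise number with the high bit set, format
 * octet 0x04 for "text"). Only the length varies between the cases below. */
static const uint8_t sample_engineid[64] = { 0x80, 0x00, 0x1f, 0x88, 0x04, 'z', 'b', 'x' };

/* Builds a session that claims `len` octets of the sample and tries to cache it. */
bool try_cache(size_t len, engineid_record_t *out)
{
    snmp_session_t s = { sample_engineid, len };
    return cache_engineid_checked(&s, out);
}

int main(void)
{
    const size_t cases[] = { 4, 8, 32, 33, 64 };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        engineid_record_t rec;
        memset(&rec, 0, sizeof(rec));
        printf("len=%2zu -> %s\n", cases[i],
               try_cache(cases[i], &rec) ? "cached" : "rejected");
    }
    return 0;
}
```

The unchecked function is present only to show the shape of the defect; the hardened version is the one exercised. The same length-before-copy discipline applies to every field filled from a decoded PDU, not only the engine ID.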
--- Begin Message ---
Source: zabbix
Source-Version: 1:7.0.9+dfsg-1
Done: Dmitry Smirnov <only...@debian.org>

We believe that the bug you reported is fixed in the latest version of
zabbix, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1090...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Dmitry Smirnov <only...@debian.org> (supplier of updated zabbix package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 29 Jan 2025 18:58:13 +1100
Source: zabbix
Architecture: source
Version: 1:7.0.9+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Dmitry Smirnov <only...@debian.org>
Changed-By: Dmitry Smirnov <only...@debian.org>
Closes: 1090030 1093277
Changes:
 zabbix (1:7.0.9+dfsg-1) unstable; urgency=medium
 .
   [ Tobias Frost ]
   * Annotate changelog entries for 1:7.0.0+dfsg-1, 1:7.0.1+dfsg-1,
     1:7.0.5+dfsg-1 and 1:7.0.3+dfsg-1 with CVE information.
   * New patch for CVE-2024-36464 (Closes: #1090030).
 .
   [ Dmitry Smirnov ]
   * New upstream release.
   * Updated agent2 config to set PID file location (Closes: #1093277).
     Thanks, Daniel Scharon.
Checksums-Sha1:
 8bf26f10a2ff10890273970f964e89bdfe5b2248 4143 zabbix_7.0.9+dfsg-1.dsc
 179586eecbba16318ff6c06e8d0e99b7b452ecbe 15020552 zabbix_7.0.9+dfsg.orig-templates.tar.xz
 46057e23c4612e0ba2f822fca34c9a110a2faed5 827192 zabbix_7.0.9+dfsg.orig-vendor.tar.xz
 f9f9f8e1900acd5682ac0a4bbd8424aa9a42c996 21897812 zabbix_7.0.9+dfsg.orig.tar.xz
 dc3436549978dc27e23f556affa2f8c7b5b9050d 143892 zabbix_7.0.9+dfsg-1.debian.tar.xz
 946d586cd728df3c8eedb7035e38786905d2cb57 22079 zabbix_7.0.9+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 64d0374165ed8a4b58bd61032c1e6b08dce44422d70b9fd1ad398fab2b1bd03b 4143 zabbix_7.0.9+dfsg-1.dsc
 7f2e38fde65ee4b7b94e39ef42f45cd24589d46519a4874ec54c2103a749f68b 15020552 zabbix_7.0.9+dfsg.orig-templates.tar.xz
 665b2e1f657587dc99e872c52084102bc00aa88ecb13921bfd1d85f3643197b7 827192 zabbix_7.0.9+dfsg.orig-vendor.tar.xz
 dc98ac8ab5b1d62e2205eebe7df98dcf257e25762bf956b8f01f9f53e3f34c90 21897812 zabbix_7.0.9+dfsg.orig.tar.xz
 a2bcc42ea19c5d3c5a0aae799a261dc6ff9b1c8d78f955e98935e29a645f6ba0 143892 zabbix_7.0.9+dfsg-1.debian.tar.xz
 cead3dcbea1cbf453e485e5b5e9821276c87b4d5f32ec8499ab76103e771d09a 22079 zabbix_7.0.9+dfsg-1_amd64.buildinfo
Files:
 d84818c4276822a14d9c555ae6c78704 4143 net optional zabbix_7.0.9+dfsg-1.dsc
 cba26363f62f5f219ab64c3760fee9c1 15020552 net optional zabbix_7.0.9+dfsg.orig-templates.tar.xz
 f84b982482b647bbeb2cbce854f51dff 827192 net optional zabbix_7.0.9+dfsg.orig-vendor.tar.xz
 44184ca6e7559f784586c218c068435a 21897812 net optional zabbix_7.0.9+dfsg.orig.tar.xz
 e080955671c919baf2c2681226be6aa1 143892 net optional zabbix_7.0.9+dfsg-1.debian.tar.xz
 67256c6ff3e15ae3db3c02e27226cb49 22079 net optional zabbix_7.0.9+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

Attachment: pgpZoujpD3yvT.pgp
Description: PGP signature


--- End Message ---