Bug #14913
closed
[Security] Zabbix packages need updating bec. of recent critical security CVEs
100%
Description
Several critical CVEs in Zabbix got recently reported. They are already addressed/fixed by Zabbix, but not yet available as updated package in pfSense.
https://www.zabbix.com/security_advisories
Mainly:
CVE-2023-32721
CVE-2023-32722
CVE-2023-32724
Updated by Kris Phillips 5 months ago
- Status changed from New to Confirmed
- Priority changed from Normal to Very High
- Affected Plus Version changed from 23.01 to 23.09
Confirmed that the version in Plus 23.09, 23.09.1, and 2.7.X are all the vulnerable 6.4.5 version.
Freshports has updated packages for zabbix-agent64 and zabbix-proxy64 of version 6.4.8. These should be easy to port in.
Marking as Confirmed and moving importance to Very High.
Updated by Kris Phillips 5 months ago
There are also updated versions of zabbix-agent6, zabbix-proxy6, zabbix-agent5, zabbix-proxy5, zabbix-agent4, zabbix-proxy4 available as well that fix all of these vulnerabilities.
Updated by Brad Davis 5 months ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
- Plus Target Version set to 23.09.1
Done in 23.09.1 and 2.7.2
Updated by Kris Phillips 3 months ago
- Status changed from Feedback to Resolved
Confirmed the patched packages are available in 23.09.1 and 24.03 of Plus.