Bug #14913
closed
[Security] Zabbix packages need updating bec. of recent critical security CVEs
100%
Description
Several critical CVEs in Zabbix got recently reported. They are already addressed/fixed by Zabbix, but not yet available as updated package in pfSense.
https://www.zabbix.com/security_advisories
Mainly:
CVE-2023-32721
CVE-2023-32722
CVE-2023-32724
Updated by Kris Phillips 12 months ago
- Status changed from New to Confirmed
- Priority changed from Normal to Very High
- Affected Plus Version changed from 23.01 to 23.09
Confirmed that the version in Plus 23.09, 23.09.1, and 2.7.X are all the vulnerable 6.4.5 version.
Freshports has updated packages for zabbix-agent64 and zabbix-proxy64 of version 6.4.8. These should be easy to port in.
Marking as Confirmed and moving importance to Very High.
Updated by Kris Phillips 12 months ago
There are also updated versions of zabbix-agent6, zabbix-proxy6, zabbix-agent5, zabbix-proxy5, zabbix-agent4, zabbix-proxy4 available as well that fix all of these vulnerabilities.
Updated by Brad Davis 12 months ago
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
- Plus Target Version set to 23.09.1
Done in 23.09.1 and 2.7.2
Updated by Kris Phillips 10 months ago
- Status changed from Feedback to Resolved
Confirmed the patched packages are available in 23.09.1 and 24.03 of Plus.