Bug #14913
closed
[Security] Zabbix packages need updating because of recent critical security CVEs
Added by Carsten Lohrmann about 1 year ago.
Updated 10 months ago.
Plus Target Version:
23.09.1
Affected Plus Version:
23.09
Affected Architecture:
All
Description
Several critical CVEs in Zabbix were recently reported. They are already addressed/fixed by Zabbix, but not yet available as an updated package in pfSense.
https://www.zabbix.com/security_advisories
Mainly:
CVE-2023-32721
CVE-2023-32722
CVE-2023-32724
- Status changed from New to Confirmed
- Priority changed from Normal to Very High
- Affected Plus Version changed from 23.01 to 23.09
Confirmed that the versions in Plus 23.09, 23.09.1, and 2.7.X are all the vulnerable 6.4.5 version.
Freshports has updated packages for zabbix-agent64 and zabbix-proxy64 of version 6.4.8. These should be easy to port in.
Marking as Confirmed and moving importance to Very High.
There are also updated versions of zabbix-agent6, zabbix-proxy6, zabbix-agent5, zabbix-proxy5, zabbix-agent4, zabbix-proxy4 available as well that fix all of these vulnerabilities.
- Status changed from Confirmed to Feedback
- % Done changed from 0 to 100
- Plus Target Version set to 23.09.1
Done in 23.09.1 and 2.7.2
- Status changed from Feedback to Resolved
Confirmed the patched packages are available in 23.09.1 and 24.03 of Plus.