Tobias Frost pushed to branch master at Debian Security Tracker / security-tracker
Commits: 7ea0c417 by Tobias Frost at 2024-09-15T14:28:14+02:00 CVE-2024-36462/zabbix - vulnerable feature introduced with 7.0.0 "Browser Monitoring" was a new feature in 7.0.0 [1] hat means bookworm and older is not affected. Introduced with commit https://github.com/zabbix/zabbix/commit/036f3e14be3 first seen in tag 7.0.0rc1 Upstream Ticket: https://support.zabbix.com/browse/ZBXNEXT-9150 The problem ticket for this CVE is https://support.zabbix.com/browse/ZBX-25019 The changelog entry, identified by the handle ZBX-25019 for this reads: ........S. [ZBX-25019] introduced limits to WebDriver performance data collection (dgoloscapov) Looking at the git log, this gets us to the dev ticket: ........S. [DEV-3757] introduced limits to WebDriver performance data collection which has been merged with upstream commit 36663df8e81f073b049fba2c595a4bb7c6adea68 [2]. [1] https://www.zabbix.com/documentation/7.0/en/manual/introduction/whatsnew700#browser-items [2] https://github.com/zabbix/zabbix/commit/36663df8e81f073b049fba2c595a4bb7c6adea68 - - - - - 1 changed file: - data/CVE/list Changes: ===================================== data/CVE/list ===================================== @@ -8201,7 +8201,11 @@ CVE-2024-37826 (A NULL pointer dereference in vercot Serva v4.6.0 allows attacke NOT-FOR-US: vercot Serva CVE-2024-36462 (Uncontrolled resource consumption refers to a software vulnerability w ...) - zabbix 1:7.0.1+dfsg-1 (bug #1078553) + [bookworm] - zabbix <not-affected> (feature not present) + [bullseye] - zabbix <not-affected> (feature not present) NOTE: https://support.zabbix.com/browse/ZBX-25019 + NOTE: fix: https://github.com/zabbix/zabbix/commit/36663df8e81f073b049fba2c595a4bb7c6adea68a (7.0.x) + NOTE: WebDriver (Browser monitoring) feature introduced in https://github.com/zabbix/zabbix/commit/036f3e14be3, first seen in 7.0.0rc1 CVE-2024-36461 (Within Zabbix, users have the ability to directly modify memory pointe ...) - zabbix 1:7.0.1+dfsg-1 (bug #1078553) NOTE: https://support.zabbix.com/browse/ZBX-25018 View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea0c417b4e1b2b9f342a630184dfc6e6112a892 -- View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/7ea0c417b4e1b2b9f342a630184dfc6e6112a892 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ debian-security-tracker-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
