Moritz Muehlenhoff pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
70bfb6c0 by Moritz Muehlenhoff at 2026-02-05T20:16:13+01:00
zabbix triage
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
@@ -46938,6 +46938,8 @@ CVE-2025-27236 (A regular Zabbix user can search other
users in their user group
NOTE: Fixed in: 6.0.41, 7.0.17, 7.2.11, 7.4.1
CVE-2025-27231 (The LDAP 'Bind password' value cannot be read after saving,
but a Supe ...)
- zabbix 1:7.0.22+dfsg-1 (bug #1117448)
+ [trixie] - zabbix <ignored> (The WEB UI is only supported for access by
trusted users, no security updates issued for it, #1124558)
+ [bookworm] - zabbix <ignored> (The WEB UI is only supported for access
by trusted users, no security updates issued for it, #1124558)
NOTE: https://support.zabbix.com/browse/ZBX-27062
NOTE: Fixed by:
https://github.com/zabbix/zabbix/commit/32ec2f59007abd5f4bae9b5c7a7f056e8d128776
(6.0.41rc1)
NOTE: Fixed by:
https://github.com/zabbix/zabbix/commit/4579a2432cab92b0ef61f0047c2446b9f77df342
(7.0.18rc1)
@@ -55924,6 +55926,7 @@ CVE-2025-43787 (A Stored cross-site scripting
vulnerability in the Liferay Porta
NOT-FOR-US: Liferay
CVE-2025-27240 (A Zabbix adminitrator can inject arbitrary SQL during the
autoremoval ...)
- zabbix 1:7.0.5+dfsg-1
+ [bookworm] - zabbix <ignored> (The WEB UI is only supported for access
by trusted users, no security updates issued for it, #1124558)
[bullseye] - zabbix <not-affected> (Vulnerable code not present)
NOTE: https://support.zabbix.com/browse/ZBX-26986
NOTE: Internal issue DEV-3902
@@ -55932,6 +55935,7 @@ CVE-2025-27240 (A Zabbix adminitrator can inject
arbitrary SQL during the autore
NOTE: Fixed in 6.0.34, 6.4.19, 7.0.4
CVE-2025-27238 (Due to a bug in Zabbix API, the hostprototype.get method lists
all hos ...)
- zabbix 1:7.0.22+dfsg-1 (bug #1117448)
+ [trixie] - zabbix <no-dsa> (Minor issue)
[bookworm] - zabbix <not-affected> (Vulnerable code not present)
[bullseye] - zabbix <not-affected> (Vulnerable code not present)
NOTE: https://support.zabbix.com/browse/ZBX-26988
@@ -55957,6 +55961,8 @@ CVE-2025-27234 (Zabbix Agent 2 smartctl plugin does not
properly sanitize smart.
NOTE: Fixed by [8/8]:
https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/d18935be5fadca6c85ce0a715ce85e757d1dc80b
(5.0.47rc1)
CVE-2025-27233 (Zabbix Agent 2 smartctl plugin does not properly sanitize
smart.disk.g ...)
- zabbix 1:7.0.22+dfsg-1 (bug #1117448)
+ [trixie] - zabbix <no-dsa> (Minor issue)
+ [bookworm] - zabbix <no-dsa> (Minor issue)
[bullseye] - zabbix <not-affected> (Vulnerable code not present,
CVE-2025-27234 specific for the 5.0.x codebase)
NOTE: https://support.zabbix.com/browse/ZBX-26987
NOTE: Internal issue DEV-4211 (relates to CVE-2025-27234 for 5.0.x
codebase)
@@ -107281,6 +107287,7 @@ CVE-2025-0415 (A remote attacker with web
administrator privileges can exploit t
CVE-2024-45700 (Zabbix server is vulnerable to a DoS vulnerability due to
uncontrolled ...)
{DLA-4131-1}
- zabbix 1:7.0.10+dfsg-1
+ [bookworm] - zabbix <no-dsa> (Minor issue)
NOTE: https://support.zabbix.com/browse/ZBX-26253
NOTE: Fixed by (merge commit):
https://github.com/zabbix/zabbix/commit/c0757920b12922eaafca2abe7318446b5c5fefaa
(7.0.10rc1)
NOTE: Fixed by (merge commit):
https://github.com/zabbix/zabbix/commit/f3d13f079d9e8764b407876f50fde2f06088ea0d
(6.0.39rc1)
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70bfb6c0595053d86ef38cbb68cee5090dca2e17
--
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/70bfb6c0595053d86ef38cbb68cee5090dca2e17
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
debian-security-tracker-commits mailing list
[email protected]
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits
