From: Changqing Li <[email protected]>
Signed-off-by: Changqing Li <[email protected]>
---
 .../zabbix/zabbix/CVE-2022-43515.patch | 37 +++++++++++++
 .../zabbix/zabbix/CVE-2022-46768.patch | 53 +++++++++++++++++++
 .../zabbix/zabbix_5.4.12.bb | 2 +
 3 files changed, 92 insertions(+)
 create mode 100644 meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch
 create mode 100644 meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch
new file mode 100644
index 0000000000..6028520923
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-43515.patch
@@ -0,0 +1,37 @@
+From 6b5dfdb31aa503bb0358784c632ff3a04e7a8ff4 Mon Sep 17 00:00:00 2001
+From: Changqing Li <[email protected]>
+Date: Wed, 4 Jan 2023 13:51:03 +0800
+Subject: [PATCH] [DEV-2301] fixed spoofing X-Forwarded-For request header
+ allows to access Frontend in maintenace mode
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/50668e9d64af32cdc67a45082c556699ff86565e]
+CVE: CVE-2022-43515
+
+Signed-off-by: Changqing Li <[email protected]>
+---
+ ui/include/classes/user/CWebUser.php | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/ui/include/classes/user/CWebUser.php b/ui/include/classes/user/CWebUser.php
+index e6e651e..bfacce7 100644
+--- a/ui/include/classes/user/CWebUser.php
++++ b/ui/include/classes/user/CWebUser.php
+@@ -231,13 +231,11 @@ class CWebUser {
+ }
+ 
+ /**
+- * Get user ip address.
++ * Get user IP address.
+ *
+ * @return string
+ */
+ public static function getIp(): string {
+- return (array_key_exists('HTTP_X_FORWARDED_FOR', $_SERVER) && $_SERVER['HTTP_X_FORWARDED_FOR'] !== '')
+- ? $_SERVER['HTTP_X_FORWARDED_FOR']
+- : $_SERVER['REMOTE_ADDR'];
++ return $_SERVER['REMOTE_ADDR'];
+ }
+ }
+--
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch
new file mode 100644
index 0000000000..debd0aaa8e
--- /dev/null
+++ b/meta-oe/recipes-connectivity/zabbix/zabbix/CVE-2022-46768.patch
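Review bot: The rewritten `getIp()` returns `$_SERVER['REMOTE_ADDR']` unconditionally, which closes the header-spoofing hole but silently changes what deployments behind a reverse proxy get back — every client now resolves to the proxy's address — and the updated docblock says nothing about that. I would extend it with `* Returns REMOTE_ADDR only. X-Forwarded-For is client-controlled and is deliberately ignored (CVE-2022-43515); behind a reverse proxy this is the proxy's address, so IP-based maintenance-mode access must be enforced at the proxy.` Whether any other caller of `getIp()` still needs a trusted-proxy-aware client address is not visible from this hunk. The enclosing `CWebUser` class starts and ends outside the hunk, and the nested Subject line carries the typo `maintenace`, which is harmless but will be preserved in the patch header as written.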
@@ -0,0 +1,53 @@
+From 7373f92c80eb89941428468cd6b9d5c8879a7f93 Mon Sep 17 00:00:00 2001
+From: Changqing Li <[email protected]>
+Date: Wed, 4 Jan 2023 14:23:34 +0800
+Subject: [PATCH] [DEV-2283] added validation of the scheduled report
+ generation URL to zabbix-web-service
+
+Upstream-Status: Backport [https://git.zabbix.com/projects/ZBX/repos/zabbix/commits/fdb03971867]
+CVE: CVE-2022-46768
+
+Signed-off-by: Changqing Li <[email protected]>
+---
+ .../zabbix_web_service/pdf_report_creator.go | 18 ++++++++++++++++++
+ 1 file changed, 18 insertions(+)
+
+diff --git a/src/go/cmd/zabbix_web_service/pdf_report_creator.go b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+index 391b58b..8452a3d 100644
+--- a/src/go/cmd/zabbix_web_service/pdf_report_creator.go
++++ b/src/go/cmd/zabbix_web_service/pdf_report_creator.go
+@@ -29,6 +29,7 @@ import (
+ "net/http"
+ "net/url"
+ "strconv"
++ "strings"
+ "time"
+ 
+ "github.com/chromedp/cdproto/emulation"
+@@ -123,6 +124,23 @@ func (h *handler) report(w http.ResponseWriter, r *http.Request) {
+ return
+ }
+ 
++ if u.Scheme != "http" && u.Scheme != "https" {
++ logAndWriteError(w, fmt.Sprintf("Unexpected URL scheme: \"%s\"", u.Scheme), http.StatusBadRequest)
++ return
++ }
++
++ if !strings.HasSuffix(u.Path, "/zabbix.php") {
++ logAndWriteError(w, fmt.Sprintf("Unexpected URL path: \"%s\"", u.Path), http.StatusBadRequest)
++ return
++ }
++
++ queryParams := u.Query()
++
++ if queryParams.Get("action") != "dashboard.print" {
++ logAndWriteError(w, fmt.Sprintf("Unexpected URL action: \"%s\"", queryParams.Get("action")), http.StatusBadRequest)
++ return
++ }
++
+ log.Tracef(
+ "making chrome headless request with parameters url: %s, width: %s, height: %s for report request from %s",
+ u.String(), req.Parameters["width"], req.Parameters["height"], r.RemoteAddr)
+--
+2.25.1
+
diff --git a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb
index f5d89d6c3d..d72d3b1122 100644
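Review bot: The `action` check in the second nested hunk can be bypassed with a duplicated query parameter, because `queryParams.Get("action")` returns the first value while a PHP frontend reading `$_GET`/`$_REQUEST` keeps the last, so `?action=dashboard.print&action=<other>` passes the guard and the headless browser is steered to `<other>`; require exactly one value instead, `if vals := queryParams["action"]; len(vals) != 1 || vals[0] != "dashboard.print" {`. The new checks also never look at `u.Host`, and `strings.HasSuffix(u.Path, "/zabbix.php")` accepts that path on any origin, so whether this really limits requests to the configured frontend depends on how callers of this handler are authenticated, which is outside the hunk. The error messages echo the scheme, path and action with `%s`; `%q` would keep control characters in an attacker-supplied URL from landing raw in the log. The enclosing `report` method starts and ends outside the hunk.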
--- a/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb +++ b/meta-oe/recipes-connectivity/zabbix/zabbix_5.4.12.bb @@ -26,6 +26,8 @@ PACKAGE_ARCH = "${MACHINE_ARCH}" SRC_URI = "https://cdn.zabbix.com/zabbix/sources/stable/5.4/${BPN}-${PV}.tar.gz \ file://0001-Fix-configure.ac.patch \ file://zabbix-agent.service \ + file://CVE-2022-43515.patch \ + file://CVE-2022-46768.patch \ " SRC_URI[md5sum] = "f295fd2df86143d72f6ff26e47d9e39e" -- 2.25.1
