openSUSE Security Update: Security update for zabbix
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2024:0384-1
Rating:             moderate
References:         #1229198 #1229204 
Cross-References:   CVE-2024-22114 CVE-2024-36461
CVSS scores:
                    CVE-2024-22114 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2024-36461 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

Affected Products:
                    openSUSE Backports SLE-15-SP6
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for zabbix fixes the following issues:

   Zabbix was updated to 6.0.33:

   - this version fixes CVE-2024-36461 and CVE-2024-22114
   - New Features and Improvements

     + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle
       Database plugin and Oracle by ODBC template Agent Templates
     + ZBXNEXT-9217 Added AWS Lambda by HTTP template Templates
     + ZBXNEXT-9293 Updated max supported MySQL version to 9.0 Proxy Server
     + ZBXNEXT-8657 Updated Zabbix health templates with new visualization
       Templates
     + ZBXNEXT-9143 Added index on auditlog recordsetid Server
     + ZBXNEXT-9081 Added Small Computer System Interface (SCSI) device type
       support to Zabbix agent 2 Smart plugin Agent
     + ZBXNEXT-6445 Added recovery expression for fuzzytime triggers in Linux
       and Windows templates, removed fuzzytime triggers from active agent
       templates Templates
     + ZBXNEXT-9201 Updated max supported MySQL version to 8.4 Proxy Server
     + ZBXNEXT-9225 Updated max supported TimescaleDB version to 2.15 Server
     + ZBXNEXT-9226 Updated max supported MariaDB version to 11.4 Proxy Server
     + ZBXNEXT-8868 Added discovery and template for Azure VM Scale Sets
       Templates

   - Bug Fixes

     + ZBX-24947 Fixed PHP runtime errors while processing frontend
       notifications Frontend
     + ZBX-24824 Improved loadable plugin connection broker Agent
     + ZBX-24583 Fixed inability to export/import web scenario with digest
       authentication API
     + ZBX-23905 Fixed double scroll in script dialogs Frontend
     + ZBX-18767 Fixed word breaks in flexible text input fields and trigger
       expressions Frontend
     + ZBX-24909 Fixed resolving of macro functions in the "Item value"
       widget Frontend
     + ZBX-24859 Fixed JavaScript in S3 buckets discovery rule Templates
     + ZBX-24617 Fixed hardcoded region in AWS by HTTP template Templates
     + ZBX-24524 Fixed "New values per second" statistic to include dependent
       items in calculation Proxy Server
     + ZBX-24821 Made 'execute_on' value being recorded in audit only for
       shell scripts Server
     + ZBX-23312 Fixed discovery edit form being saved incorrectly after
       dcheck update Frontend
     + ZBX-24773 Fixed duplicate item preprocessing in Kubernetes Kubelet by
       HTTP template Templates
     + ZBX-24514 Fixed standalone Zabbix server and Zabbix proxy not stopping
       when database is read-only Proxy Server
     + ZBX-23936 Fixed state and styling of readonly fields Frontend
     + ZBX-24520 Fixed an issue with incorrect translations used in several
       frontend places Frontend
     + ZBX-21815 Fixed issue with undefined offset for media type when it was
       deleted before saving the user Frontend
     + ZBX-24108 Fixed error in dashboard if Map widget contains map element
       that user doesn't have access to Frontend
     + ZBX-24569 Fixed old and added new items to Azure Virtual Machine
       template Templates
     + ZBX-24537 Fixed tags subfilter in Latest data kiosk mode Frontend
     + ZBX-24167 Fixed template linkage when item prototype collision is
       found Server
     + ZBX-23770 Improved monitoring user permissions documentation for
       Zabbix agent 2 Oracle plugin and Oracle by ODBC template Documentation
     + ZBX-24565 Removed redundant kernel header include, fixed musl
       compatibility issues (thanks to Alpine Linux maintainers for spotting
       this)
     + ZBX-24610 Fixed interface field appearance for discovered items
       without interface set Frontend
     + ZBX-24562 Fixed incorrect problem order in Problems by severity
       widget's hintbox Frontend
     + ZBX-23751 Fixed inability to pass an action filter condition without
       an "operator" property, implying a default value of "Equal" API
     + ZBX-21429 Prevented ability to disable all UI element access via
       role.update API API
     + ZBX-19271 Fixed inconsistent tag row rendering in different edit forms
       Frontend
     + ZBX-24539 Fixed incorrect threshold in trigger expression of Check
       Point Next Generation Firewall by SNMP template Templates
     + ZBX-24667 Fixed vm.memory.size[pused] item on Solaris Agent
     + ZBX-23781 Added storage volumes check in HPE iLO by HTTP template
       Templates
     + ZBX-24391 Fixed Zabbix agent to return net.tcp.socket.count result
       without error if IPv6 is disabled Agent
     + ZBX-24235 Fixed value misalignment in Item value widget Frontend
     + ZBX-24352 Fixed custom severity name usage in Geomap widget Frontend
     + ZBX-24665 Fixed potential problem with deprecated GCE Integrity
       feature Templates
     + ZBX-20993 Fixed Zabbix agent 2 MQTT plugin clientID to be generated by
       strict requirements Agent
     + ZBX-23426 Added dependent item with JavaScript preprocessing for edges
       SD-WAN in VMWare SD-WAN VeloCloud by HTTP template Templates
     + ZBX-24566 Fixed crash when expression macro is used in unsupported
       location Server
     + ZBX-24450 Fixed issue where graph could differ for data gathered from
       PostgreSQL and other databases Frontend
     + ZBX-24513 Fixed real-time export of rarely updated trends Server
     + ZBX-24163 Fixed submap addition in Map navigation tree widget to not
       append same submaps repeatedly Frontend
     + ZBX-23398 Fixed trigger expression constructor incorrectly showing '<'
       and '>' operators Frontend
     + ZBX-23584 Fixed error message being displayed when updating host after
       changing item status Frontend
     + ZBX-24635 Fixed datastore triggers in VMware templates Templates


   Update to 6.0.31:

   - New Features and Improvements

     + ZBXNEXT-9140 Added support for custom compartments in Oracle Cloud by
       HTTP templates Templates
     + ZBXNEXT-9034 Added Jira Data Center by JMX template Templates
     + ZBXNEXT-8682 Introduced a length limit of 512KB for item test values
       that server returns to Zabbix frontend Frontend Server
     + ZBXNEXT-8248 Added database filter macros to MySQL templates Templates
     + ZBXNEXT-6698 Removed absolute threshold and timeleft from OS template
       triggers of filesystem space Templates
     + ZBXNEXT-7930 Added user macro support for username and password fields
       in email media type Server
     + ZBXCTR-22 Refactored JavaScript filter functions for Kubernetes
       templates Templates
     + ZBXNEXT-9098 Added AWS ELB Network Load Balancer by HTTP template
       Templates
     + ZBXNEXT-6864 Replaced {HOST.CONN} with user macros in templates
       Templates
     + ZBXNEXT-9117 Updated max supported MariaDB version to 11.3 Proxy Server
     + ZBXNEXT-9026 Added Go compiler version to Zabbix agent 2 version
       output Agent
     + ZBXNEXT-8786 Changed 'odbc.discovery' keys to 'odbc.get' in MySQL by
       ODBC and Oracle by ODBC templates Templates
     + ZBXNEXT-8536 Added cbdhsvc service to macros in Windows agent
       templates Templates
     + ZBXNEXT-8861 Made changes and added more metrics to the FortiGate by
       SNMP template Templates
     + ZBXNEXT-8240 Added a new set of templates for integration with Oracle
       Cloud Infrastructure Templates

   - Bug Fixes

     + ZBX-24483 Improved memory usage in Zabbix server/proxy trappers and in
       proxy pollers when sending large configuration Proxy Server
     + ZBX-23073 Fixed URL widget resizing and dragging Frontend
     + ZBX-24574 Fixed HA node flipping between standby and active states
       Server
     + ZBX-24119 Fixed possible blocking of alert manager when it
       periodically pings database Server
     + ZBX-7998 Added VMware service username, password and URL check for
       empty values Proxy Server
     + ZBX-24402 Reduced main process connections to database during startup
       Proxy Server
     + ZBX-24369 Fixed filter behavior in monitoring pages after deleting
       filter parameters Frontend
     + ZBX-24484 Fixed Geomap widget console error when dragging map in
       widget edit mode Frontend
     + ZBX-23337 Improved supported version documentation for Oracle Database
       plugin and both templates Documentation
     + ZBX-24180 Fixed inability to import existing host or template when its
       dependent item prototype, which is used in trigger prototypes or graph
       prototypes, would have a different master item API
     + ZBX-20871 Fixed inability to use LLD macro functions in Prometheus
       pattern and labels used in item prototype preprocessing API
     + ZBX-24527 Fixed unnecessary loading text being displayed in hintbox
       preloader Frontend
     + ZBX-24362 Fixed wrong Zabbix agent 2 loadable plugin process handling
       catching all child process exits Agent
     + ZBX-24470 Fixed scale of VMware vmware.vm.memory.size.compressed key
       Proxy Server
     + ZBX-24415 Added triggers for datastores in VMware templates Templates
     + ZBX-18094 Fixed multiple pie graph issues related to calculation of
       item angles Frontend
     + ZBX-20766 Fixed confusing port binding error message Agent Proxy Server
     + ZBX-24481 Fixed inability to unset value map from existing item or
       item prototype by passing a version without valuemap parameter into
       configuration.import API
     + ZBX-24531 Fixed compile time data not being set for agent2 Agent
     + ZBX-24453 Implemented socket file cleanup when shutting down, added
       blocking of signals during important stages of startup Proxy Server
     + ZBX-24152 Fixed host form submission with Enter button if the form is
       opened in a popup and focus is in a flexible text area field Frontend
     + ZBX-23788 Added SNMP OID ifAlias in Network interfaces discovery
       Templates
     + ZBX-24482 Fixed the presence of the http_proxy field in the initial
       data Installation
     + ZBX-24210 Improved Zabbix agent 2 loadable plugin capacity code style
       Agent
     + ZBX-23951 Fixed issue of incorrect template matching when no UUID
       exists in export file API
     + ZBX-23953 Fixed CIDR network mask of VMware HV network interface Proxy
       Server
     + ZBX-24195 Fixed host IPMI username and password field max length
       Frontend
     + ZBX-24451 Added tags and changed an item in Proxmox template Templates
     + ZBX-23386 Fixed hintbox sizing to fit screen Frontend
     + ZBX-24024 Fixed OIDs for external sensors in APC UPC by SNMP templates
       Templates
     + ZBX-21751 Fixed node's loadavg item in Proxmox template Templates
     + ZBX-24315 Fixed linking template to host when some LLD macro paths
       already exist Server
     + ZBX-24172 Fixed Zabbix server issue with scheduled intervals on Feb
       29th of leap year Server
     + ZBX-23407 Improved performance of retrieving last history values when
       primary keys are available API
     + ZBX-24246 Updated descriptions for family of MySQL and Oracle
       templates, changed macro in the trigger 'Tablespace utilization is too
       high' for family of Oracle templates Templates
     + ZBX-23988 Renamed Agent2 Go module
     + ZBX-24222 Fixed incorrect item OIDs in the FortiGate by SNMP template
       Templates
     + ZBX-24393 Updated README in Redis by Zabbix agent 2 template Templates
     + ZBX-24298 Allowed any JNDI service providers back in JMX monitoring
       Java gateway
     + ZBX-19990 Separated LLD filter macros in Apache Tomcat by JMX template
       Templates
     + ZBX-24364 Added preprocessing steps for LLD rules in RabbitMQ
       templates Templates
     + ZBX-24368 Improved PostgreSQL autovacuum's count query Templates
     + ZBX-24282 Fixed Zabbix proxy to report error for not supported items
       Proxy Server
     + ZBX-19507 Fixed vmware.eventlog item to recover after event keys are
       reset Server
     + ZBX-24241 Fixed Zabbix server issue with random order of host groups
       for a host during real-time export Server
     + ZBX-24275 Fixed item prototype JSONPath preprocessing, added missing
       volume health metric and triggers in HPE MSA templates Templates
     + ZBX-24316 Fixed username macro in GridGain by JMX template Templates
     + ZBX-23719 Updated plugin-support to add duplicate flag handling Agent
     + ZBX-22429 Fixed typo in Zabbix proxy automake file Installation
     + ZBX-24264 Fixed value cache being filled with values of newly added
       items with triggers Server
     + ZBX-24088 Fixed problem filtering in maps with nested maps Frontend
     + ZBX-24206 Fixed line breaks in JavaScript in Cloudflare template
       Templates
     + ZBX-24236 Fixed nested transaction error in LLD when connection is
       terminated Server
     + ZBX-24134 Added sensor discovery in VMware Hypervisor template
       Templates
     + ZBX-23918 Fixed item pattern select popup to display all available
       items Frontend
     + ZBX-24190 Fixed items being updated incorrectly when configuring graph
       Frontend
     + ZBX-24289 Fixed issue with interface assignment for items copied from
       host to host Frontend
     + ZBX-23032 Added triggers for cluster status in VMware templates
       Templates
     + ZBX-23948 Added support for TabularData data when parsing an MBean
       attribute Java gateway
     + ZBX-23742 Fixed tag filtering logic for tags with one name and
       different types of operators API
     + ZBX-24271 Added delay in JavaScript execution for Azure Cost
       Management by HTTP template Templates
     + ZBX-24208 Fixed Oracle, MySQL plugin connection cache blocking Agent
     + ZBX-24202 Fixed JavaScript in AWS S3 bucket by HTTP template Templates
     + ZBX-23478 Fixed issue when missing locale error would not be displayed
       for user under certain conditions Frontend
     + ZBX-24166 Fixed Zabbix not being able to restart due to RTC and
       sockets not being closed before stopping Agent Proxy Server
     + ZBX-23853 Fixed duplicate agent check timestamps when time shifts back
       due to system clock synchronization Agent


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Backports SLE-15-SP6:

      zypper in -t patch openSUSE-2024-384=1



Package List:

   - openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

      zabbix-agent-6.0.33-bp156.2.3.1
      zabbix-proxy-6.0.33-bp156.2.3.1
      zabbix-proxy-mysql-6.0.33-bp156.2.3.1
      zabbix-proxy-postgresql-6.0.33-bp156.2.3.1
      zabbix-proxy-sqlite-6.0.33-bp156.2.3.1
      zabbix-server-6.0.33-bp156.2.3.1
      zabbix-server-mysql-6.0.33-bp156.2.3.1
      zabbix-server-postgresql-6.0.33-bp156.2.3.1

   - openSUSE Backports SLE-15-SP6 (noarch):

      system-user-zabbix-6.0.33-bp156.2.3.1
      zabbix-java-gateway-6.0.33-bp156.2.3.1
      zabbix-ui-6.0.33-bp156.2.3.1
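
After patching, the installed packages can be checked against the fixed build listed above. The script below is an added example, not part of the advisory: the function names and the sample inventory are constructed, and GNU `sort -V` stands in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: list zabbix packages older than the fixed build in this advisory.
FIXED="6.0.33-bp156.2.3.1"   # version-release taken from the Package List above

# Return 0 if version-release $1 is strictly older than $2.
# Assumption: GNU `sort -V` ordering approximates RPM's comparison for these strings.
is_older() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Read "name version-release" lines on stdin and print every zabbix package
# (including system-user-zabbix) that is older than $FIXED.
outdated_zabbix() {
    while read -r name evr; do
        case "$name" in
            zabbix-*|system-user-zabbix) ;;
            *) continue ;;
        esac
        if is_older "$evr" "$FIXED"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# Constructed sample inventory (the older versions are illustrative only).
sample_inventory() {
cat <<'EOF'
zabbix-agent 6.0.33-bp156.2.3.1
zabbix-server 6.0.30-bp156.2.1
zabbix-ui 6.0.9-bp156.1.2
system-user-zabbix 6.0.33-bp156.2.3.1
openssl 3.1.4-150600.5.15.1
EOF
}

# With --live, query the RPM database of the host the script runs on.
if [ "${1:-}" = "--live" ]; then
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | outdated_zabbix
fi
```

Empty output from the `--live` run means no installed zabbix package is older than the fixed build.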


References:

   https://www.suse.com/security/cve/CVE-2024-22114.html
   https://www.suse.com/security/cve/CVE-2024-36461.html
   https://bugzilla.suse.com/1229198
   https://bugzilla.suse.com/1229204

openSUSE: 2024:0384-1 moderate: zabbix Advisory Security Update

December 1, 2024