Package | zabbix |
---|---|
Version | 2.2.23+dfsg-0+deb8u7 (jessie), 1:3.0.32+dfsg-0+deb9u6 (stretch) |
Related CVEs | CVE-2023-32721 CVE-2023-32726 |
Several security vulnerabilities have been discovered in zabbix, a network monitoring solution, potentially allowing an attacker to perform a stored XSS, Server-Side Request Forgery (SSRF), exposure of sensitive information, a system crash, or arbitrary code execution.
CVE-2023-32721
A stored XSS has been found in the Zabbix web application in the Maps element if a URL field is set with spaces before the URL.
CVE-2023-32726
Possible buffer overread from reading DNS responses.
For Debian 8 jessie, these problems have been fixed in version 2.2.23+dfsg-0+deb8u7.
For Debian 9 stretch, these problems have been fixed in version 1:3.0.32+dfsg-0+deb9u6.
We recommend that you upgrade your zabbix packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.