{"affected":[{"ecosystem_specific":{"binaries":[{"zabbix-agent":"4.0.47-bp155.3.3.1","zabbix-java-gateway":"4.0.47-bp155.3.3.1","zabbix-phpfrontend":"4.0.47-bp155.3.3.1","zabbix-proxy":"4.0.47-bp155.3.3.1","zabbix-proxy-mysql":"4.0.47-bp155.3.3.1","zabbix-proxy-postgresql":"4.0.47-bp155.3.3.1","zabbix-proxy-sqlite":"4.0.47-bp155.3.3.1","zabbix-server":"4.0.47-bp155.3.3.1","zabbix-server-mysql":"4.0.47-bp155.3.3.1","zabbix-server-postgresql":"4.0.47-bp155.3.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP4","name":"zabbix","purl":"pkg:rpm/suse/zabbix&distro=SUSE%20Package%20Hub%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.47-bp155.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"zabbix-agent":"4.0.47-bp155.3.3.1","zabbix-java-gateway":"4.0.47-bp155.3.3.1","zabbix-phpfrontend":"4.0.47-bp155.3.3.1","zabbix-proxy":"4.0.47-bp155.3.3.1","zabbix-proxy-mysql":"4.0.47-bp155.3.3.1","zabbix-proxy-postgresql":"4.0.47-bp155.3.3.1","zabbix-proxy-sqlite":"4.0.47-bp155.3.3.1","zabbix-server":"4.0.47-bp155.3.3.1","zabbix-server-mysql":"4.0.47-bp155.3.3.1","zabbix-server-postgresql":"4.0.47-bp155.3.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP5","name":"zabbix","purl":"pkg:rpm/suse/zabbix&distro=SUSE%20Package%20Hub%2015%20SP5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.47-bp155.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"zabbix-agent":"4.0.47-bp155.3.3.1","zabbix-java-gateway":"4.0.47-bp155.3.3.1","zabbix-phpfrontend":"4.0.47-bp155.3.3.1","zabbix-proxy":"4.0.47-bp155.3.3.1","zabbix-proxy-mysql":"4.0.47-bp155.3.3.1","zabbix-proxy-postgresql":"4.0.47-bp155.3.3.1","zabbix-proxy-sqlite":"4.0.47-bp155.3.3.1","zabbix-server":"4.0.47-bp155.3.3.1","zabbix-server-mysql":"4.0.47-bp155.3.3.1","zabbix-server-postgresql":"4.0.47-bp155.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"zabbix","purl":"pkg:rpm/opensuse/zabbix&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.47-bp155.3.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"zabbix-agent":"4.0.47-bp155.3.3.1","zabbix-java-gateway":"4.0.47-bp155.3.3.1","zabbix-phpfrontend":"4.0.47-bp155.3.3.1","zabbix-proxy":"4.0.47-bp155.3.3.1","zabbix-proxy-mysql":"4.0.47-bp155.3.3.1","zabbix-proxy-postgresql":"4.0.47-bp155.3.3.1","zabbix-proxy-sqlite":"4.0.47-bp155.3.3.1","zabbix-server":"4.0.47-bp155.3.3.1","zabbix-server-mysql":"4.0.47-bp155.3.3.1","zabbix-server-postgresql":"4.0.47-bp155.3.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.5","name":"zabbix","purl":"pkg:rpm/opensuse/zabbix&distro=openSUSE%20Leap%2015.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.47-bp155.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for zabbix fixes the following issues:\n\nUpdated to latest release 4.0.47, this version fixes CVE-2023-29454 (boo#1213338):\n\n- New Features and Improvements\n  + ZBXNEXT-7694 Added 'utf8mb3' character set support for MySQL database\n  + ZBX-20946 Enabled Bulgarian, Chinese (zh_TW), German, Greek, Indonesian,\n    Romanian, Spanish and Vietnamese languages in frontend\n- Bug Fixes\n  + ZBX-22987 Fixed inefficient URL schema validation\n  + ZBX-22688 Fixed AlertScriptPath not allowing links\n  + ZBX-22386 Fixed encoding of HTML entities in the user interface\n  + ZBX-22858 Fixed xss vulnerability in graph item properties\n  + ZBX-22859 Fixed validation of input parameters in action configuration form\n  + ZBX-22622 Fixed alert script path validation\n  + ZBX-22520 Fixed versions of integrations\n  + ZBX-22026 Fixed SNMP agent item going to unsupported state on NULL result\n  + ZBX-22050 Fixed spoofing X-Forwarded-For request header allowing to access\n    Zabbix frontend in maintenance mode\n  + ZBX-21416 Fixed check now not working on calculated items,\n    aggregate checks and some internal items\n  + ZBX-21449 Fixed accessibility attributes\n  + ZBX-21306 Fixed xss in discovery rules\n  + ZBX-21305 Fixed xss in graph\n  + ZBX-20600 Fixed vmware hv.datastore.latency item when multiple\n    datastores with duplicate name\n  + ZBX-20844 Fixed external check becoming unsupported when Zabbix\n    server or Zabbix proxy is stopped\n  + ZBX-19789 Added SourceIP support to ldap simple checks\n  + ZBX-20680 Fixed reflected XSS issues\n  + ZBX-20387 Fixed default language of the setup routine for logged in superadmin users\n  + ZBX-19652 Fixed JavaScript syntax for Internet Explorer 11 compatibility \n","id":"openSUSE-SU-2023:0191-1","modified":"2023-07-24T22:01:47Z","published":"2023-07-24T22:01:47Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KRA5YTSUD2DHLEZ2TCYBAPAMLWIIAZ3X/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1213338"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-29454"}],"related":["CVE-2023-29454"],"summary":"Security update for zabbix","upstream":["CVE-2023-29454"]}