Packages
- zabbix - Open-source monitoring software tool for diverse IT components
Details
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A
remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A
remote attacker could possibly use this issue to read arbitrary files or
potentially execute arbitrary code. This issue only affected
Ubuntu 14.04 ESM. (CVE-2014-3005)
It was discovered that Zabbix incorrectly handled certain inputs. A...
Fu Chuang discovered that Zabbix did not properly parse IPs. A remote
attacker could possibly use this issue to execute arbitrary code. This
issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 ESM.
(CVE-2020-11800)
It was discovered that Zabbix incorrectly handled certain requests. A
remote attacker could possibly use this issue to execute arbitrary code.
This issue only affected Ubuntu 14.04 ESM and Ubuntu 16.04 ESM.
(CVE-2017-2824, CVE-2017-2825)
It was discovered that Zabbix incorrectly handled certain XML files. A
remote attacker could possibly use this issue to read arbitrary files or
potentially execute arbitrary code. This issue only affected
Ubuntu 14.04 ESM. (CVE-2014-3005)
It was discovered that Zabbix incorrectly handled certain inputs. A remote
attacker could possibly use this issue to execute arbitrary SQL commands.
This issue only affected Ubuntu 14.04 ESM. (CVE-2016-10134, CVE-2016-4338)
It was discovered that Zabbix incorrectly handled the request parameter. A
remote attacker could possibly use this issue to redirect requests to
external links. This issue only affected Ubuntu 14.04 ESM and
Ubuntu 18.04 ESM. (CVE-2016-10742)
It was discovered that Zabbix incorrectly handled failed login attempts. A
remote attacker could possibly use this issue to enumerate users.
(CVE-2019-15132)
It was discovered that Zabbix did not properly validate input. A remote
attacker could exploit this to conduct cross-site scripting (XSS) attacks.
This issue only affected Ubuntu 16.04 ESM, Ubuntu 18.04 ESM and
Ubuntu 20.04 ESM. (CVE-2020-15803)
Update instructions
In general, a standard system update will make all the necessary changes.
Learn more about how to get the fixes.The problem can be corrected by updating your system to the following package versions:
| Ubuntu Release | Package Version | ||
|---|---|---|---|
| 20.04 focal | zabbix-java-gateway – 1:4.0.17+dfsg-1ubuntu0.1~esm1 | ||
| zabbix-frontend-php – 1:4.0.17+dfsg-1ubuntu0.1~esm1 | |||
| zabbix-proxy-mysql – 1:4.0.17+dfsg-1ubuntu0.1~esm1 | |||
| zabbix-server-pgsql – 1:4.0.17+dfsg-1ubuntu0.1~esm1 | |||
| zabbix-server-mysql – 1:4.0.17+dfsg-1ubuntu0.1~esm1 | |||
| zabbix-proxy-pgsql – 1:4.0.17+dfsg-1ubuntu0.1~esm1 | |||
| zabbix-proxy-sqlite3 – 1:4.0.17+dfsg-1ubuntu0.1~esm1 | |||
| zabbix-agent – 1:4.0.17+dfsg-1ubuntu0.1~esm1 | |||
| 18.04 bionic | zabbix-java-gateway – 1:3.0.12+dfsg-1ubuntu0.1~esm3 | ||
| zabbix-frontend-php – 1:3.0.12+dfsg-1ubuntu0.1~esm3 | |||
| zabbix-proxy-mysql – 1:3.0.12+dfsg-1ubuntu0.1~esm3 | |||
| zabbix-server-pgsql – 1:3.0.12+dfsg-1ubuntu0.1~esm3 | |||
| zabbix-server-mysql – 1:3.0.12+dfsg-1ubuntu0.1~esm3 | |||
| zabbix-proxy-pgsql – 1:3.0.12+dfsg-1ubuntu0.1~esm3 | |||
| zabbix-proxy-sqlite3 – 1:3.0.12+dfsg-1ubuntu0.1~esm3 | |||
| zabbix-agent – 1:3.0.12+dfsg-1ubuntu0.1~esm3 | |||
| 16.04 xenial | zabbix-java-gateway – 1:2.4.7+dfsg-2ubuntu2.1+esm3 | ||
| zabbix-frontend-php – 1:2.4.7+dfsg-2ubuntu2.1+esm3 | |||
| zabbix-proxy-mysql – 1:2.4.7+dfsg-2ubuntu2.1+esm3 | |||
| zabbix-server-pgsql – 1:2.4.7+dfsg-2ubuntu2.1+esm3 | |||
| zabbix-server-mysql – 1:2.4.7+dfsg-2ubuntu2.1+esm3 | |||
| zabbix-proxy-pgsql – 1:2.4.7+dfsg-2ubuntu2.1+esm3 | |||
| zabbix-proxy-sqlite3 – 1:2.4.7+dfsg-2ubuntu2.1+esm3 | |||
| zabbix-agent – 1:2.4.7+dfsg-2ubuntu2.1+esm3 | |||
| 14.04 trusty | zabbix-java-gateway – 1:2.2.2+dfsg-1ubuntu1+esm4 | ||
| zabbix-frontend-php – 1:2.2.2+dfsg-1ubuntu1+esm4 | |||
| zabbix-proxy-mysql – 1:2.2.2+dfsg-1ubuntu1+esm4 | |||
| zabbix-server-pgsql – 1:2.2.2+dfsg-1ubuntu1+esm4 | |||
| zabbix-server-mysql – 1:2.2.2+dfsg-1ubuntu1+esm4 | |||
| zabbix-proxy-pgsql – 1:2.2.2+dfsg-1ubuntu1+esm4 | |||
| zabbix-proxy-sqlite3 – 1:2.2.2+dfsg-1ubuntu1+esm4 | |||
| zabbix-agent – 1:2.2.2+dfsg-1ubuntu1+esm4 | |||
Reduce your security exposure
Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.