
Debian GNU/Linux has received two security updates: ELA-1273-1 zabbix and DLA 3994-1 gstreamer1.0.

Debian GNU/Linux 8 (Jessie) and 9 (Stretch) Extended LTS:
ELA-1273-1 zabbix security update

Debian GNU/Linux 11 (Bullseye) LTS:
[DLA 3994-1] gstreamer1.0 security update

ELA-1273-1 zabbix security update

Package : zabbix
Version : 1:2.2.23+dfsg-0+deb8u9 (jessie), 1:3.0.32+dfsg-0+deb9u8 (stretch)

Related CVEs :
CVE-2024-22117
CVE-2024-36464
CVE-2024-42332
CVE-2024-42333

Several security vulnerabilities have been discovered in zabbix, a network
monitoring solution. Among other effects, they could allow denial of
service, information disclosure, log tampering or a buffer over-read.

CVE-2024-22117
When a URL is added to the map element, it is recorded in the database
with sequential IDs. Upon adding a new URL, the system retrieves the
last sysmapelementurlid value and increments it by one. However, an
issue arises when a user manually changes the sysmapelementurlid value
by adding sysmapelementurlid + 1. This action prevents others from
adding URLs to the map element.

CVE-2024-36464
When exporting media types, the password is exported in the YAML in
plain text. This appears to be a best practices type issue and may
have no actual impact. The user would need to have permissions to
access the media types and therefore would be expected to have
access to these passwords.

CVE-2024-42332
The researcher is showing that due to the way the SNMP trap log is
parsed, an attacker can craft an SNMP trap with additional lines of
information and have forged data show in the Zabbix UI. This attack
requires SNMP auth to be off and/or the attacker to know the
community/auth details. The attack requires an SNMP item to be
configured as text on the target host.

CVE-2024-42333
The researcher is showing that it is possible to leak a small amount
of Zabbix Server memory using an out-of-bounds read in
src/libs/zbxmedia/email.c.



[SECURITY] [DLA 3994-1] gstreamer1.0 security update


-------------------------------------------------------------------------
Debian LTS Advisory DLA-3994-1                 debian-lts@lists.debian.org
https://www.debian.org/lts/security/                    Bastien Roucariès
December 15, 2024                                 https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : gstreamer1.0
Version : 1.18.4-2.1+deb11u1
CVE ID : CVE-2024-47606

An integer overflow was found in GStreamer, a multimedia framework.

For Debian 11 bullseye, this problem has been fixed in version
1.18.4-2.1+deb11u1.

We recommend that you upgrade your gstreamer1.0 packages.

For the detailed security status of gstreamer1.0 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gstreamer1.0

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS