linux/meta-openembedded.git/meta-oe/recipes-connectivity/zabbix, branch kirkstone

zabbix: patch CVE-2025-49643

2025-12-25T09:17:02+00:00

The actual patch was identified by checking the file that was modified in the tag 6.0.42, and also by looking at the Jira item referenced by it: the patch references DEV-4466, the same ID that is referenced in the Jira ticket[1] referenced by the NVD report (look in the "All Activity" tab). [1]: https://support.zabbix.com/browse/ZBX-27284 Signed-off-by: Gyorgy Sarvari

zabbix: update SRC_URI

2025-11-17T08:08:19+00:00

The downloaded artifact was moved to a new folder. Signed-off-by: Gyorgy Sarvari

zabbix: fix CVE-2023-32726 and CVE-2023-32727

2024-02-07T23:41:41+00:00

CVE-2023-32726: The vulnerability is caused by improper check for check if RDLENGTH does not overflow the buffer in response from DNS server. CVE-2023-32727: An attacker who has the privilege to configure Zabbix items can use function icmpping() with additional malicious command inside it to execute arbitrary code on the current Zabbix server. Refernces: https://nvd.nist.gov/vuln/detail/CVE-2023-32726 https://security-tracker.debian.org/tracker/CVE-2023-32726 https://nvd.nist.gov/vuln/detail/CVE-2023-32727 https://security-tracker.debian.org/tracker/CVE-2023-32727 Signed-off-by: Yogita Urade Signed-off-by: Armin Kuster

zabbix: fix CVE-2023-29450

2023-08-03T20:50:52+00:00

JavaScript pre-processing can be used by the attacker to gain access to the file system (read-only access on behalf of user "zabbix") on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data. Reference: https://support.zabbix.com/browse/ZBX-22588 Signed-off-by: Yogita Urade Signed-off-by: Armin Kuster

zabbix: fix CVE-2023-29449

2023-08-03T20:50:52+00:00

JavaScript preprocessing, webhooks and global scripts can cause uncontrolled CPU, memory, and disk I/O utilization. Preprocessing/webhook/global script configuration and testing are only available to Administrative roles (Admin and Superadmin). Administrative privileges should be typically granted to users who need to perform tasks that require more control over the system. The security risk is limited because not all users have this level of access. References: https://support.zabbix.com/browse/ZBX-22589 Signed-off-by: Yogita Urade Signed-off-by: Armin Kuster

zabbix: fix CVE-2023-29451

2023-04-28T11:21:36+00:00

Refer: https://support.zabbix.com/browse/ZBX-22587 Signed-off-by: Changqing Li Signed-off-by: Armin Kuster

zabbix: fix CVE-2022-43515,CVE-2022-46768

2023-01-12T16:05:55+00:00

Signed-off-by: Changqing Li Signed-off-by: Armin Kuster

zabbix: upgrade 5.2.6 -> 5.4.12

2022-07-18T13:43:50+00:00

This upgrade CVE fix: CVE-2022-24349 CVE-2022-24917 CVE-2022-24918 CVE-2022-24919 Signed-off-by: Changqing Li

recipes: Update LICENSE variable to use SPDX license identifiers

2022-03-05T01:41:45+00:00

Signed-off-by: Khem Raj

Convert to new override syntax

2021-08-03T17:21:25+00:00

This is the result of automated script (0.9.1) conversion: oe-core/scripts/contrib/convert-overrides.py . converting the metadata to use ":" as the override character instead of "_". Signed-off-by: Martin Jansa