Debian Package Tracker

zabbix


general
  • source: zabbix (main)
  • version: 1:5.0.7+dfsg-1
  • maintainer: Dmitry Smirnov (DMD)
  • uploaders: Christoph Haas [DMD]
  • arch: all any
  • std-ver: 4.5.0
  • VCS: Git (Browse, QA)
versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]
[pool directory]
  • o-o-stable: 1:2.2.7+dfsg-2+deb8u3
  • o-o-sec: 1:2.2.23+dfsg-0+deb8u1
  • oldstable: 1:3.0.7+dfsg-3
  • old-sec: 1:3.0.31+dfsg-0+deb9u1
  • old-bpo: 1:4.0.3+dfsg-2~bpo9+1
  • stable: 1:4.0.4+dfsg-1
  • stable-bpo: 1:5.0.7+dfsg-1~bpo10+1
  • testing: 1:5.0.7+dfsg-1
  • unstable: 1:5.0.7+dfsg-1
versioned links
  • 1:2.2.7+dfsg-2+deb8u3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:2.2.23+dfsg-0+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:3.0.7+dfsg-3: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:3.0.31+dfsg-0+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:4.0.3+dfsg-2~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:4.0.4+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:5.0.5+dfsg-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:5.0.7+dfsg-1~bpo10+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
  • 1:5.0.7+dfsg-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
binaries
  • zabbix-agent (3 bugs: 0, 1, 2, 0)
  • zabbix-frontend-php (3 bugs: 0, 2, 1, 0)
  • zabbix-java-gateway
  • zabbix-proxy-mysql (1 bugs: 0, 0, 1, 0)
  • zabbix-proxy-pgsql
  • zabbix-proxy-sqlite3
  • zabbix-server-mysql (2 bugs: 0, 0, 2, 0)
  • zabbix-server-pgsql
action needed
5 security issues in stretch high
There are 5 open security issues in stretch.
1 important issue:
  • CVE-2020-27834:
4 issues skipped by the security teams:
  • CVE-2013-7484: Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
  • CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.
  • CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
  • CVE-2019-17382: An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
Please fix them.
Created: 2018-04-13 Last update: 2021-01-12 08:04
4 security issues in sid high
There are 4 open security issues in sid.
4 important issues:
  • CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.
  • CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
  • CVE-2019-17382: An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
  • CVE-2020-27834:
Please fix them.
Created: 2018-04-19 Last update: 2021-01-12 08:04
6 security issues in buster high
There are 6 open security issues in buster.
1 important issue:
  • CVE-2020-27834:
5 issues skipped by the security teams:
  • CVE-2013-7484: Zabbix before 5.0 represents passwords in the users table with unsalted MD5.
  • CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.
  • CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
  • CVE-2019-17382: An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
  • CVE-2020-15803: Zabbix before 3.0.32rc1, 4.x before 4.0.22rc1, 4.1.x through 4.4.x before 4.4.10rc1, and 5.x before 5.0.2rc1 allows stored XSS in the URL Widget.
Please fix them.
Created: 2018-04-19 Last update: 2021-01-12 08:04
4 security issues in bullseye high
There are 4 open security issues in bullseye.
4 important issues:
  • CVE-2017-2826: An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy, resulting in information disclosure. An attacker can make requests from an active Zabbix proxy to trigger this vulnerability.
  • CVE-2019-15132: Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.
  • CVE-2019-17382: An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
  • CVE-2020-27834:
Please fix them.
Created: 2019-07-07 Last update: 2021-01-12 08:04
lintian reports 4 warnings high
Lintian reports 4 warnings about this package. You should make the package lintian-clean by getting rid of them.
Created: 2020-08-22 Last update: 2020-10-22 04:35
Does not build reproducibly during testing normal
A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!
Created: 2018-09-11 Last update: 2021-01-20 22:39
Depends on packages which need a new maintainer normal
The packages that zabbix depends on which need a new maintainer are:
  • dh-linktree (#980413)
    • Build-Depends: dh-linktree
  • prototypejs (#863697)
    • Build-Depends: libjs-prototype
  • sudo (#976244)
    • Suggests: sudo sudo
Created: 2019-11-22 Last update: 2021-01-20 21:47
Build log checks report 1 warning low
Build log checks report 1 warning
Created: 2020-10-31 Last update: 2020-10-31 22:36
Standards version of the package is outdated. wishlist
The package should be updated to follow the last version of Debian Policy (Standards-Version 4.5.1 instead of 4.5.0).
Created: 2020-11-17 Last update: 2021-01-07 10:10
news
[rss feed]
  • [2021-01-12] Accepted zabbix 1:5.0.7+dfsg-1~bpo10+1 (source) into buster-backports (Dmitry Smirnov)
  • [2021-01-12] zabbix 1:5.0.7+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2021-01-07] Accepted zabbix 1:5.0.7+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2020-11-23] Accepted zabbix 1:5.0.5+dfsg-1~bpo10+1 (source) into buster-backports (Dmitry Smirnov)
  • [2020-11-21] Accepted zabbix 1:3.0.31+dfsg-0+deb9u1 (source) into oldstable (Sylvain Beucler)
  • [2020-11-05] zabbix 1:5.0.5+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-31] Accepted zabbix 1:5.0.5+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2020-10-06] Accepted zabbix 1:5.0.4+dfsg-1~bpo10+1 (source) into buster-backports (Dmitry Smirnov)
  • [2020-10-06] zabbix 1:5.0.4+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-10-01] Accepted zabbix 1:5.0.4+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2020-08-07] Accepted zabbix 1:5.0.2+dfsg-1~bpo10+1 (source) into buster-backports (Dmitry Smirnov)
  • [2020-08-03] Accepted zabbix 1:3.0.7+dfsg-3+deb9u1 (source amd64 all) into oldstable (Chris Lamb)
  • [2020-07-29] zabbix 1:5.0.2+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-07-24] Accepted zabbix 1:5.0.2+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2020-06-02] Accepted zabbix 1:5.0.1+dfsg-1~bpo10+1 (source) into buster-backports (Dmitry Smirnov)
  • [2020-06-01] zabbix 1:5.0.1+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-05-26] Accepted zabbix 1:5.0.1+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2020-05-19] zabbix 1:5.0.0+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-05-19] Accepted zabbix 1:5.0.0+dfsg-1~bpo10+1 (source) into buster-backports (Dmitry Smirnov)
  • [2020-05-14] Accepted zabbix 1:5.0.0+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2020-04-11] zabbix 1:4.0.19+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-04-06] Accepted zabbix 1:4.0.19+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2020-03-04] zabbix 1:4.0.18+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-03-04] Accepted zabbix 1:4.0.18+dfsg-1~bpo10+1 (source) into buster-backports (Dmitry Smirnov)
  • [2020-02-28] Accepted zabbix 1:4.0.18+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2020-02-09] zabbix 1:4.0.17+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2020-02-04] Accepted zabbix 1:4.0.17+dfsg-1 (source) into unstable (Dmitry Smirnov)
  • [2019-12-29] Accepted zabbix 1:4.0.16+dfsg-1~bpo10+1 (source) into buster-backports (Dmitry Smirnov)
  • [2019-12-29] zabbix 1:4.0.16+dfsg-1 MIGRATED to testing (Debian testing watch)
  • [2019-12-24] Accepted zabbix 1:4.0.16+dfsg-1 (source) into unstable (Dmitry Smirnov)
bugs [bug history graph]
  • all: 12
  • RC: 0
  • I&N: 4
  • M&W: 8
  • F&P: 0
  • patch: 0
links
  • homepage
  • lintian (0, 4)
  • buildd: logs, checks, clang, reproducibility, cross
  • popcon
  • browse source code
  • other distros
  • security tracker
  • l10n (-, 60)
ubuntu [Information about Ubuntu for Debian Developers]
  • version: 1:5.0.5+dfsg-1
  • 70 bugs (1 patch)

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers
Report problems to the tracker.debian.org pseudo-package in the Debian BTS.