openSUSE Local Security Checks : openSUSE Security Advisory (openSUSE-SU-2024:0384-1)

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.1.18.1.2024.0384.1

Category: openSUSE Local Security Checks

Title: openSUSE Security Advisory (openSUSE-SU-2024:0384-1)

Summary: The remote host is missing an update for the 'zabbix' package(s) announced via the openSUSE-SU-2024:0384-1 advisory.

Description: Summary:
The remote host is missing an update for the 'zabbix' package(s) announced via the openSUSE-SU-2024:0384-1 advisory.

Vulnerability Insight:
This update for zabbix fixes the following issues:

Zabbix was updated to 6.0.33:

- this version fixes CVE-2024-36461 and CVE-2024-22114
- New Features and Improvements

+ ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and
Oracle by ODBC template Agent Templates
+ ZBXNEXT-9217 Added AWS Lambda by HTTP template Templates
+ ZBXNEXT-9293 Updated max supported MySQL version to 9.0 Proxy Server
+ ZBXNEXT-8657 Updated Zabbix health templates with new visualization Templates
+ ZBXNEXT-9143 Added index on auditlog recordsetid Server
+ ZBXNEXT-9081 Added Small Computer System Interface (SCSI) device type support to Zabbix agent 2 Smart plugin Agent
+ ZBXNEXT-6445 Added recovery expression for fuzzytime triggers in Linux and Windows templates,
removed fuzzytime triggers from active agent templates Templates
+ ZBXNEXT-9201 Updated max supported MySQL version to 8.4 Proxy Server
+ ZBXNEXT-9225 Updated max supported TimescaleDB version to 2.15 Server
+ ZBXNEXT-9226 Updated max supported MariaDB version to 11.4 Proxy Server
+ ZBXNEXT-8868 Added discovery and template for Azure VM Scale Sets Templates

- Bug Fixes

+ BX-24947 Fixed PHP runtime errors while processing frontend notifications Frontend
+ ZBX-24824 Improved loadable plugin connection broker Agent
+ ZBX-24583 Fixed inability to export/import web scenario with digest authentication API
+ ZBX-23905 Fixed double scroll in script dialogs Frontend
+ ZBX-18767 Fixed word breaks in flexible text input fields and trigger expressions Frontend
+ ZBX-24909 Fixed resolving of macro functions in the 'Item value' widget Frontend
+ ZBX-24859 Fixed JavaScript in S3 buckets discovery rule Templates
+ ZBX-24617 Fixed hardcoded region in AWS by HTTP template Templates
+ ZBX-24524 Fixed 'New values per second' statistic to include dependent items in calculation Proxy Server
+ ZBX-24821 Made 'execute_on' value being recorded in audit only for shell scripts Server
+ ZBX-23312 Fixed discovery edit form being saved incorrectly after dcheck update Frontend
+ ZBX-24773 Fixed duplicate item preprocessing in Kubernetes Kubelet by HTTP template Templates
+ ZBX-24514 Fixed standalone Zabbix server and Zabbix proxy not stopping when database is read-only Proxy Server
+ ZBX-23936 Fixed state and styling of readonly fields Frontend
+ ZBX-24520 Fixed an issue with incorrect translations used in several frontend places Frontend
+ ZBX-21815 Fixed issue with undefined offset for media type when it was deleted before saving the user Frontend
+ ZBX-24108 Fixed error in dashboard if Map widget contains map element that user doesn't have access to Frontend
+ ZBX-24569 Fixed old and added new items to Azure Virtual Machine template Templates
+ ZBX-24537 Fixed tags subfilter in Latest data kiosk mode Frontend
+ ZBX-24167 Fixed template linkage when item prototype collision is found Server
+ ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS:
'zabbix' package(s) on openSUSE Leap 15.6.

Solution:
Please install the updated package(s).

CVSS Score:
9.0

CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2024-22114
Common Vulnerability Exposure (CVE) ID: CVE-2024-36461

Copyright Copyright (C) 2025 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.1.18.1.2024.0384.1
Category:	openSUSE Local Security Checks
Title:	openSUSE Security Advisory (openSUSE-SU-2024:0384-1)
Summary:	The remote host is missing an update for the 'zabbix' package(s) announced via the openSUSE-SU-2024:0384-1 advisory.
Description:	Summary: The remote host is missing an update for the 'zabbix' package(s) announced via the openSUSE-SU-2024:0384-1 advisory. Vulnerability Insight: This update for zabbix fixes the following issues: Zabbix was updated to 6.0.33: - this version fixes CVE-2024-36461 and CVE-2024-22114 - New Features and Improvements + ZBXNEXT-9000 Changed query table for ASM disk group metrics in Oracle Database plugin and Oracle by ODBC template Agent Templates + ZBXNEXT-9217 Added AWS Lambda by HTTP template Templates + ZBXNEXT-9293 Updated max supported MySQL version to 9.0 Proxy Server + ZBXNEXT-8657 Updated Zabbix health templates with new visualization Templates + ZBXNEXT-9143 Added index on auditlog recordsetid Server + ZBXNEXT-9081 Added Small Computer System Interface (SCSI) device type support to Zabbix agent 2 Smart plugin Agent + ZBXNEXT-6445 Added recovery expression for fuzzytime triggers in Linux and Windows templates, removed fuzzytime triggers from active agent templates Templates + ZBXNEXT-9201 Updated max supported MySQL version to 8.4 Proxy Server + ZBXNEXT-9225 Updated max supported TimescaleDB version to 2.15 Server + ZBXNEXT-9226 Updated max supported MariaDB version to 11.4 Proxy Server + ZBXNEXT-8868 Added discovery and template for Azure VM Scale Sets Templates - Bug Fixes + BX-24947 Fixed PHP runtime errors while processing frontend notifications Frontend + ZBX-24824 Improved loadable plugin connection broker Agent + ZBX-24583 Fixed inability to export/import web scenario with digest authentication API + ZBX-23905 Fixed double scroll in script dialogs Frontend + ZBX-18767 Fixed word breaks in flexible text input fields and trigger expressions Frontend + ZBX-24909 Fixed resolving of macro functions in the 'Item value' widget Frontend + ZBX-24859 Fixed JavaScript in S3 buckets discovery rule Templates + ZBX-24617 Fixed hardcoded region in AWS by HTTP template Templates + ZBX-24524 Fixed 'New values per second' statistic to include dependent items in calculation Proxy Server + ZBX-24821 Made 'execute_on' value being recorded in audit only for shell scripts Server + ZBX-23312 Fixed discovery edit form being saved incorrectly after dcheck update Frontend + ZBX-24773 Fixed duplicate item preprocessing in Kubernetes Kubelet by HTTP template Templates + ZBX-24514 Fixed standalone Zabbix server and Zabbix proxy not stopping when database is read-only Proxy Server + ZBX-23936 Fixed state and styling of readonly fields Frontend + ZBX-24520 Fixed an issue with incorrect translations used in several frontend places Frontend + ZBX-21815 Fixed issue with undefined offset for media type when it was deleted before saving the user Frontend + ZBX-24108 Fixed error in dashboard if Map widget contains map element that user doesn't have access to Frontend + ZBX-24569 Fixed old and added new items to Azure Virtual Machine template Templates + ZBX-24537 Fixed tags subfilter in Latest data kiosk mode Frontend + ZBX-24167 Fixed template linkage when item prototype collision is found Server + ... [Please see the references for more information on the vulnerabilities] Affected Software/OS: 'zabbix' package(s) on openSUSE Leap 15.6. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2024-22114 Common Vulnerability Exposure (CVE) ID: CVE-2024-36461
Copyright	Copyright (C) 2025 Greenbone AG