Zabbix 3.0.17 und 3.4.9 Security und Bugfix Release

Das Open-Source Enterprise Monitoring Tool, Zabbix, wurde vor ein paar Tagen in beiden Zweigen 3.0 und 3.4 aktualisiert. Die Updates beheben einige Fehler und schließen Sicherheitslücken.

Zabbix 3.4.9 Release Notes

• ZBX-14313 fixed trigger level correlation when multiple tags are set
• ZBX-13781 fixed possible crash in the function “web.page.get” of Zabbix Agentd
• ZBX-14337 fixed persistent xss in map navigation tree widget
• ZBX-14336 fixed persistent xss vulnerability in services
• ZBX-12821 fixed multiple javascript memory leaks
• ZBX-13755 fixed proxy lastaccess update on 32-bit Zabbix server
• ZBX-12425 fixed selection of web items in the “Plain text” screen element
• ZBX-13781 fixed CRLF injection in Zabbix Agentd
• ZBX-13766 fixed comparison of two large float numbers in expressions
• ZBX-13481 fixed incorrect parsing of BITS data type in SNMP response
• ZBX-13744 fixed potential shared memory leak when item is removed
• ZBX-13742 fixed parsing of the operator “not” in trigger expression
• ZBX-13535 fixed trigger recovery expression for ‘High error rate’ trigger
• ZBX-13278 fixed trigger expression for ‘Link down’ trigger
• ZBX-12805 increased command line limit for proc.num checks on hp-ux systems
• ZBX-13728 fixed problem duration on trigger page being calculated incorrectly
• ZBX-13660 fixed data types passed to is_ushort() for converting PID, port and process number
• ZBX-12935,ZBX-13539 fixed displaying of floating point values under the “Latest data” page
• ZBX-13579 fixed unnecessary data getting when agent becomes available in the non-collection data period
• ZBX-13685 fixed maintenance entries displayed in list when filter is applied
• ZBX-12756 improved configure script to check iconv library
• ZBX-13667 added notification in zabbix server log about ‘error’ in elasticsearch json response
• ZBX-13683 fixed multiselect items not being sorted by name
• ZBX-13299 fixed autoregistration, discovery and internal notifications not being sent due to uninitialized severity
• ZBX-13607 changed ping script to return success also for timeouts
• ZBX-12967 fixed slide show refresh interval multiplier menu not working
• ZBX-13696 added maximum record limit to old session removal in housekeeper
• ZBX-13642 fixed undefined index in user edit form
• ZBX-13668 fixed dynamic widget searching for item key in item prototypes
• ZBX-13500 fixed fractional values in triggers being misinterpreted without a leading 0
• ZBX-13561 fixed incorrectly displayed pie graph when first item has no data
• ZBX-13517 fixed undefined index in pie charts
• ZBX-13499 fixed checkbox selector in problems table
• ZBX-13598 fixed crash when Zabbix process cannot connect to preprocessing service
• ZBX-13625 fixed blinking in the problem widget
• ZBX-13560 fixed acknowledge notifications being visible in the event popup
• ZBX-13298 fixed missing graph after faulty graph edit form submission

Zabbix 3.0.17 Release Notes

• ZBX-13781 fixed possible crash in the function “web.page.get” of Zabbix Agentd
• ZBX-14336 fixed persistent xss vulnerability in services
• ZBX-12425 fixed selection of web items in the “Plain text” screen element
• ZBX-13781 fixed CRLF injection in Zabbix Agentd
• ZBX-13766 fixed comparison of two large float numbers in expressions
• ZBX-13481 fixed incorrect parsing of BITS data type in SNMP response
• ZBX-13742 fixed parsing of the operator “not” in trigger expression
• ZBX-13680 fixed action not being cloned due to existing operation id being submitted
• ZBX-13660 fixed data types passed to is_ushort() for converting PID, port and process number
• ZBX-12935,ZBX-13539 fixed displaying of floating point values under the “Latest data” page
• ZBX-13500 fixed fractional values in triggers being misinterpreted without a leading 0
• ZBX-13561 fixed incorrectly displayed pie graph when first item has no data

JARVIS

Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.