-
Defect (Security)
-
Resolution: Fixed
-
Trivial
-
None
-
None
-
Sprint 74 (Mar 2021), Sprint 75 (Apr 2021)
A number of packages on https://www.zabbix.com/download_agents contain Zabbix binaries statically linked to OpenSSL 1.1.1*.
CVE-2021-3449 describes a high severity vulnerability in all OpenSSL 1.1.1. There is also CVE-2021-3450.
Zabbix packages and binaries should be recompiled and released with the fixed OpenSSL 1.1.1k.