Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-19186

Zabbix binaries are staticaly linked with vulnerable OpenSSL versions

    XMLWordPrintable

Details

    • Sprint 74 (Mar 2021), Sprint 75 (Apr 2021)

    Description

      A number of packages on https://www.zabbix.com/download_agents contain Zabbix binaries statically linked to OpenSSL 1.1.1*.
      CVE-2021-3449 describes a high severity vulnerability in all OpenSSL 1.1.1. There is also CVE-2021-3450.
      Zabbix packages and binaries should be recompiled and released with the fixed OpenSSL 1.1.1k.

      Attachments

        Activity

          People

            zabbix.dev Zabbix Development Team
            andris Andris Mednis
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: