Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-19186

Zabbix binaries are staticaly linked with vulnerable OpenSSL versions

    XMLWordPrintable

    Details

    • Sprint:
      Sprint 74 (Mar 2021), Sprint 75 (Apr 2021)

      Description

      A number of packages on https://www.zabbix.com/download_agents contain Zabbix binaries statically linked to OpenSSL 1.1.1*.
      CVE-2021-3449 describes a high severity vulnerability in all OpenSSL 1.1.1. There is also CVE-2021-3450.
      Zabbix packages and binaries should be recompiled and released with the fixed OpenSSL 1.1.1k.

        Attachments

          Activity

            People

            Assignee:
            zabbix.dev Zabbix Development Team
            Reporter:
            andris Andris Mednis
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: