zabbix鍏憡澶氫釜瀹夊叏婕忔礊锛屾秹鍙婂涓増鏈紙闄勪慨澶嶆柟妗堬級鏈€鍏堝嚭鐜板湪涔愮淮瀹樼綉銆侟/p> ]]> 鏃ュ墠锛寊abbix瀹樻柟鍏憡鍙戠幇浜?涓畨鍏ㄦ紡娲烇紝娑夊強澶氫釜鐗堟湰锛屾紡娲炰唬鍙峰涓嬶細

1. 楂樺嵄婕忔礊锛欬a href="https://support.zabbix.com/browse/ZBX-23854">CVE-2023-32725锛孅/li>
2. 涓€鑸紡娲烇細CVE-2023-32727锛孅/li>

鎹簡瑙ｏ紝楂樺嵄婕忔礊CVE-2023-32725鐨凜VSS璇勫垎楂樿揪9.6鍒嗐€侰VE-2023-32725婕忔礊鍑虹幇鍦ㄤ华琛ㄦ澘涓紝褰撶敤鎴蜂娇鐢ㄥ甫鏈 URL 灏忛儴浠剁殑浠〃鏉跨殑Scheduled reports鏃讹紝灏嗕細閫犳垚zbx_session cookie 娉勬紡銆傚叿浣撴潵璇达紝鍦ㄩ厤缃垨鐢熸垚Scheduled reports鏃讹紝URL 灏忛儴浠朵腑閰嶇疆鐨勭綉绔欏皢鏀跺埌浼氳瘽 cookie銆傛敾鍑昏€呭彲浠ヤ娇鐢╟ookie鍐掑厖鍒涘缓鎶ュ憡鐨剒abbix鐢ㄦ埛锛屽苟鍦▃abbix鍓嶇涓互璇ョ敤鎴风殑鏉冮檺鍚戣嚜宸辨巿鏉冦€侟/p>

CVE-2023-32725婕忔礊鎵€娑夊強鍒扮殑鐩稿叧鐗堟湰鍖呮嫭锛欬/p>

    6.0.0 – 6.0.21

    6.4.0 – 6.4.6

聽聽聽聽7.0.0alpha1 – 7.0.0alpha3

涓瓑婕忔礊CVE-2023-32727鏄竴涓猧cmpping() 浠ｇ爜鎵ц婕忔礊锛孋VSS璇勫垎涓?.8鍒嗐€傚叿鏈夐厤缃 zabbix 椤圭洰鏉冮檺鐨勬敾鍑昏€呭彲浠ヤ娇鐢ㄥ嚱鏁 icmpping() 浠ュ強鍑芥暟鍖呭惈鐨勬伓鎰忓懡浠ゅ湪褰撳墠 zabbix 鏈嶅姟鍣ㄤ笂鎵ц浠绘剰浠ｇ爜銆侟/p>

CVE-2023-32727婕忔礊娑夊強鍒扮殑鐩稿叧鐗堟湰鍖呮嫭锛欬/p>

    4.0.0 – 4.0.49

    5.0.0 – 5.0.38

    6.0.0 – 6.0.22

    6.4.0 – 6.4.7

聽聽聽聽7.0.0alpha0 – 7.0.0alpha6

鎴嚦鐩墠锛寊abbix瀹樻柟鏈彂甯冮拡瀵逛互涓婁袱椤规紡娲炵殑琛ヤ竵锛屼絾鍙互閫氳繃鐗堟湰鍗囩骇鐨勬柟寮忎慨澶嶆紡娲炪€備互涓嬪皢浠嬬粛璇︾粏淇鏂规锛屽寘鎷紪璇戝崌绾т笌鍏嶇紪璇戞浛鎹㈠崌绾ф柟寮忋€侟/p>

1.瑙ｅ喅鏂规

1.1. 鏂规璇存槑

璇ユ搷浣滄柟妗堥€傜敤浜庯紝閫氳繃鍗囩骇骞冲彴zabbix娆¤鐗堟湰锛屼慨澶嶅綋鍓嶇増鏈腑瀛樺湪鐨勫凡鐭ユ紡娲濣/p>

1.2. 鏂规閫傜敤

楂樺嵄婕忔礊CVE-2023-32725

涓€鑸紡娲濣a href="https://support.zabbix.com/browse/ZBX-23857">CVE-2023-32727

浠ヤ腑绛夋紡娲濩VE-2023-32727涓轰緥锛屽奖鍝嶇増鏈強淇鐗堟湰鍒嗗埆濡備笅锛孅/p>

濡傚綋鍓嶅钩鍙拌繍琛岀増鏈负5.0.9锛屽垯闇€瑕佸崌绾ц嚦娆¤鐗堟湰5.0.39+锛汓/p>

濡傚綋鍓嶅钩鍙拌繍琛岀増鏈负6.0.20锛屽垯闇€瑕佸崌绾ц嚦娆¤鐗堟湰6.0.23rc1+銆侟/p>

1.3. 鏂规鎿嶄綔

鍏蜂綋婕忔礊妫€鏌ュ強淇鏂规鎿嶄綔锛屽弬鑰?銆?銆?绔犺妭銆侟/p>

濡備笅鏂规涓紝缂栬瘧鍗囩骇鎿嶄綔鏄互zabbix鐗堟湰5.0.9鐜涓轰緥锛屽厤缂栬瘧鏇挎崲鍗囩骇鎿嶄綔鏄互zabbix鐗堟湰6.0.20鐜涓轰緥銆侟/p>

2.鏌ョ湅褰撳墠server鐗堟湰

/itops/zabbix/sbin/zabbix_server -V

# 杩斿洖缁撴灉濡備笅

zabbix_server (zabbix) 5.0.9

Revision 4d07aaafe2 22 February 2021, compilation time: Mar 18 2021 23:50:53

Copyright (C) 2021 zabbix SIA

License GPLv2+: GNU GPL version 2 or later .

This is free software: you are free to change and redistribute it according to the license. There is NO WARRANTY, to the extent permitted by law.

This product includes software developed by the OpenSSL Project

for use in the OpenSSL Toolkit (http://www.openssl.org/).

Compiled with OpenSSL 1.0.2k-fips  26 Jan 2017

Running with OpenSSL 1.0.2k-fips  26 Jan 2017

鏍规嵁杩斿洖淇℃伅鍙垽鏂綋鍓嶇増鏈?.0.9锛屽湪婕忔礊褰卞搷鑼冨洿鐗堟湰鍐呫€侟/p>

3.閲嶆柊缂栬瘧鏂扮増鏈瑂erver锛堝閮ㄧ讲涓哄厤缂栬瘧鏂瑰紡锛屽垯鐩存帴鍙傝€冪4绔犺妭瑙ｅ帇鍗崇敤zabbix_server鐗堟湰鏇挎崲鏂瑰紡锛堻/h3>

3.1. 鑾峰彇涔嬪墠缂栬瘧鍙傛暟

缈绘煡涔嬪墠鐨勭紪璇戣矾寰勶紝浠ュ綋鍓嶇幆澧?.0.9涓轰緥锛屽叏鐩榝ind 鐩綍 zabbix-5.0.9

find / -name zabbix-5.0.9

# 杩斿洖缁撴灉濡備笅

/root/packages/LWSetup/packages/zabbix-5.0.9

# 杩涘叆鐩綍涓嬫煡鐪媍onfig.log鏂囦欢

cd /root/packages/LWSetup/packages/zabbix-5.0.9

grep ‘/configure’ config.log# 杩斿洖缁撴灉濡備笅#  $ ./configure –prefix=/itops/zabbix –enable-server –enable-agent –with-postgresql=/itops/postgresql/bin/pg_config –with-net-snmp –with-libcurl –with-libxml2 –with-unixodbc –with-openipmi –enable-ipv6 –enable-java –with-openssl –with-ssh2 –with-iconv –with-iconv-include –with-iconv-lib –with-libpcre –with-libpcre-include –with-libpcre-lib –with-libevent –with-libevent-include –with-zlib –with-zlib-include –with-zlib-lib –with-libpthread –with-libpthread-include –with-libpthread-lib –with-libevent-lib –with-ldap# Configured with: ../configure –prefix=/usr –mandir=/usr/share/man –infodir=/usr/share/info –with-bugurl=http://bugzilla.redhat.com/bugzilla –enable-bootstrap –enable-shared –enable-threads=posix –enable-checking=release –with-system-zlib –enable-__cxa_atexit –disable-libunwind-exceptions –enable-gnu-unique-object –enable-linker-build-id –with-linker-hash-style=gnu –enable-languages=c,c++,objc,obj-c++,java,fortran,ada,go,lto –enable-plugin –enable-initfini-array –disable-libgcj –with-isl=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/isl-install –with-cloog=/builddir/build/BUILD/gcc-4.8.5-20150702/obj-x86_64-redhat-linux/cloog-install –enable-gnu-indirect-function –with-tune=generic –with-arch_32=x86-64 –build=x86_64-redhat-linux

鍙互鑾峰彇鍒扮紪璇戝弬鏁颁负锛?/configure –prefix=/itops/zabbix –enable-server –enable-agent –with-postgresql=/itops/postgresql/bin/pg_config –with-net-snmp –with-libcurl –with-libxml2 –with-unixodbc –with-openipmi –enable-ipv6 –enable-java –with-openssl –with-ssh2 –with-iconv –with-iconv-include –with-iconv-lib –with-libpcre –with-libpcre-include –with-libpcre-lib –with-libevent –with-libevent-include –with-zlib –with-zlib-include –with-zlib-lib –with-libpthread –with-libpthread-include –with-libpthread-lib –with-libevent-lib –with-ldap

3.2. 鑾峰彇缂栬瘧鍖匋/h4>

鐢辨紡娲炲叕鍛婃儏鍐靛彲鐭ワ紝闇€瑕佸崌绾у埌鍝簺鐗堟湰鎵嶈兘閬垮厤婕忔礊椋庨櫓锛屽彲浠嶞a>zabbix瀹樼綉鑾峰彇缂栬瘧鍖呫€傚涓嬫搷浣滀互5.0.40鐗堟湰zabbix涓轰緥

3.3. 鎵ц缂栬瘧鎿嶄綔

cp -rp /itops/zabbix/ /itops/zabbix-5.0.9/

tar xf zabbix-5.0.40.tar.gz

cd zabbix-5.0.40

./configure –prefix=/itops/zabbix –enable-server –enable-agent –with-postgresql=/itops/postgresql/bin/pg_config –with-net-snmp –with-libcurl –with-libxml2 –with-unixodbc –with-openipmi –enable-ipv6 –enable-java –with-openssl –with-ssh2 –with-iconv –with-iconv-include –with-iconv-lib –with-libpcre –with-libpcre-include –with-libpcre-lib –with-libevent –with-libevent-include –with-zlib –with-zlib-include –with-zlib-lib –with-libpthread –with-libpthread-include –with-libpthread-lib –with-libevent-lib –with-ldap

make install

# 缂栬瘧鎴愬姛杩斿洖濡備笅

make[2]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40/database/sqlite3′

make[2]: Entering directory `/root/packages/LWSetup/packages/zabbix-5.0.40/database’

make[3]: Entering directory `/root/packages/LWSetup/packages/zabbix-5.0.40/database’

make[3]: Nothing to be done for `install-exec-am’.

make[3]: Nothing to be done for `install-data-am’.

make[3]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40/database’

make[2]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40/database’

make[1]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40/database’

Making install in man

make[1]: Entering directory `/root/packages/LWSetup/packages/zabbix-5.0.40/man’

make[2]: Entering directory `/root/packages/LWSetup/packages/zabbix-5.0.40/man’

make[2]: Nothing to be done for `install-exec-am’.

 /usr/bin/mkdir -p ‘/itops/zabbix/share/man/man1’

 /usr/bin/install -c -m 644 ‘zabbix_get.man’ ‘/itops/zabbix/share/man/man1/zabbix_get.1’

 /usr/bin/install -c -m 644 ‘zabbix_sender.man’ ‘/itops/zabbix/share/man/man1/zabbix_sender.1’

 /usr/bin/mkdir -p ‘/itops/zabbix/share/man/man8’

 /usr/bin/install -c -m 644 ‘zabbix_agentd.man’ ‘/itops/zabbix/share/man/man8/zabbix_agentd.8’

 /usr/bin/install -c -m 644 ‘zabbix_server.man’ ‘/itops/zabbix/share/man/man8/zabbix_server.8’

make[2]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40/man’

make[1]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40/man’

Making install in misc

make[1]: Entering directory `/root/packages/LWSetup/packages/zabbix-5.0.40/misc’

make[2]: Entering directory `/root/packages/LWSetup/packages/zabbix-5.0.40/misc’

make[2]: Nothing to be done for `install-exec-am’.

make[2]: Nothing to be done for `install-data-am’.

make[2]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40/misc’

make[1]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40/misc’

make[1]: Entering directory `/root/packages/LWSetup/packages/zabbix-5.0.40′

make[2]: Entering directory `/root/packages/LWSetup/packages/zabbix-5.0.40′

make[2]: Nothing to be done for `install-exec-am’.

make[2]: Nothing to be done for `install-data-am’.

make[2]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40′

make[1]: Leaving directory `/root/packages/LWSetup/packages/zabbix-5.0.40′

configure 缂栬瘧鍙傛暟鎶ラ敊

鎶ラ敊锛歝onfigure: error: Invalid Net-SNMP directory – unable to find net-snmp-config

澶勭悊锛歽um install -y net-snmp-devel

3.4. 鎵ц鏈嶅姟閲嶅惎鎿嶄綔

service zabbix_server restart

service zabbix_agentd restart

3.5. proxy閲嶆柊缂栬瘧鎿嶄綔

涓婅堪婕忔礊鏈秹鍙妏roxy閮ㄥ垎锛屽彲涓嶄簣鍗囩骇鎿嶄綔锛屼富瑕佺増鏈竴鑷村嵆鍙紝娆¤鐗堟湰鏈夊樊寮備笉褰卞搷銆侟/p>

濡傛湁鍗囩骇蹇呰锛屽弬鑰僺erver缂栬瘧鎿嶄綔锛屽熀鏈竴鑷滁/p>

3.6. 鍥炴粴鎿嶄綔

mv /itops/zabbix/ /itops/zabbix-5.0.40

mv /itops/zabbix-5.0.9/ /itops/zabbix/

service zabbix_server restart

4.鍏嶇紪璇戝畨瑁呮浛鎹㈡柊鐗坰erver

4.1. 鑾峰彇鍏嶇紪璇戝寘

浣跨敤涔愮淮绀惧尯鍙戝竷鐨勫厤缂栬瘧tar.xz鍖呰繘琛岃В鍘嬫浛鎹↑/p>

4.2. 鎵ц鏇挎崲鎿嶄綔

路 涓婁紶鏂拌В鍘嬪嵆鐢ㄥ寘鑷硈erver鏈嶅姟鍣?/p>

浠庨檮浠朵腑涓嬭浇绋嬪簭鍖呭強lib鍖匋/p>

    zabbix-server

    zabbix-lib

娉ㄦ剰锛氳鍖呬粎鏀寔centos/redhat7.4-7.9鐜

路 澶囦唤鍘焥erver鐩綍

cp -rp /itops/zabbix/ /itops/bakzbx-6.0.20

mv /usr/lib/itops/zabbix /usr/lib/itops/libzbx-6.0.20

路 瑙ｅ帇鏂囦欢

tar xf zabbix-6.0.25.tar.xz -C /tmp

tar xf zabbix-lib.tar.xz -C /usr/lib/itops

路 鏇挎崲鍘熷惎鍔ㄦ枃浠跺強渚濊禆搴掽/p>

mv -f /tmp/zabbix/sbin/zabbix_server /itops/zabbix/sbin/zabbix_server

mv -f /tmp/zabbix/sbin/zabbix_agentd /itops/zabbix/sbin/zabbix_agentd

chmod +x /itops/zabbix/sbin/zabbix*

chown itops: /itops/zabbix/sbin/zabbix*

chown -R itops: /usr/lib/itops/zabbix

4.3. 鎵ц鏈嶅姟閲嶅惎鎿嶄綔

service zabbix_server restart

service zabbix_agentd restart

4.4. 鍥炴粴鎿嶄綔

service zabbix_server stop

mv /itops/zabbix/ /itops/zabbix-6.0.25

mv /itops/bakzbx-6.0.20 /itops/zabbix/

mv /usr/lib/itops/zabbix /usr/lib/itops/libzbx-6.0.25

mv /usr/lib/itops/zabbix-6.0.20 /usr/lib/itops/zabbix

service zabbix_server start

鑷虫锛屾紡娲炰慨澶嶅畬鎴愩€侟/p>

浠ヤ笂婕忔礊淇鏂规鐢变箰缁寸ぞ鍖烘彁渚涖€備箰缁寸ぞ鍖烘槸鍥藉唴杈冨ぇ鐨勪笓涓氳繍缁寸洃鎺ф妧鏈氦娴佸钩鍙帮紝鑷村姏浜庝负骞垮ぇ杩愮淮浜哄憳鎻愪緵杩愮淮鎶€鏈氦娴佷簰鍔╃┖闂达紝鏇村zabbix鎶€鏈煡璇嗘杩庡姞鍏?a href="https://forum.lwops.cn/">涔愮淮绀惧尯銆傛澶栵紝鏇村zabbix閮ㄧ讲闂銆亃abbix寮€鍙戦棶棰樼瓑涔烖a href="https://forum.lwops.cn/questions">娆㈣繋鍒颁箰缁寸ぞ鍖虹暀瑷€銆侟/p>

zabbix鍏憡澶氫釜瀹夊叏婕忔礊锛屾秹鍙婂涓増鏈紙闄勪慨澶嶆柟妗堬級鏈€鍏堝嚭鐜板湪涔愮淮瀹樼綉銆侟/p> ]]>