diff --git a/fix-CVE-2022-35230.patch b/fix-CVE-2022-35230.patch new file mode 100644 index 0000000000000000000000000000000000000000..a041940309043b7d2d6dad74137fc07342533c97 --- /dev/null +++ b/fix-CVE-2022-35230.patch @@ -0,0 +1,88 @@ +From 2c7e4c114d85c440590af03ad1ed0a18adedc757 Mon Sep 17 00:00:00 2001 +From: Roberts Lataria +Date: Tue, 24 May 2022 16:16:13 +0300 +Subject: [PATCH] ..F....... [DEV-2181] fixed xss in graph +Reference:https://github.com/zabbix/zabbix/commit/2c7e4c114d85c440590af03ad1ed0a18adedc757 + +--- + ui/graphs.php | 39 +++++++++++++------ + ui/include/views/configuration.graph.edit.php | 4 ++ + 2 files changed, 31 insertions(+), 12 deletions(-) + +diff --git a/ui/graphs.php b/ui/graphs.php +index 79bb195..36344d0 100644 +--- a/ui/graphs.php ++++ b/ui/graphs.php +@@ -96,8 +96,22 @@ if (isset($_REQUEST['yaxismax']) && zbx_empty($_REQUEST['yaxismax'])) { + check_fields($fields); + + $gitems = []; +-foreach (getRequest('items', []) as $gitem) { +- $gitems[] = json_decode($gitem, true); ++foreach (getRequest('items', []) as $item) { ++ $gitem = json_decode($item, true); ++ ++ if (array_key_exists('itemid', $gitem)) { ++ $gitem['itemid'] = bcadd($gitem['itemid'], 0, 0); ++ } ++ ++ if (array_key_exists('type', $gitem)) { ++ $gitem['type'] = (int) $gitem['type']; ++ } ++ ++ if (array_key_exists('drawtype', $gitem)) { ++ $gitem['drawtype'] = (int) $gitem['drawtype']; ++ } ++ ++ $gitems[] = $gitem; + } + + $_REQUEST['items'] = $gitems; +@@ -619,18 +633,19 @@ elseif (isset($_REQUEST['form'])) { + 'preservekeys' => true + ]); + +- foreach ($data['items'] as &$item) { +- $host = reset($items[$item['itemid']]['hosts']); ++ if ($items) { ++ foreach ($data['items'] as &$item) { ++ $host = reset($items[$item['itemid']]['hosts']); + +- $item['host'] = $host['name']; +- $item['hostid'] = $items[$item['itemid']]['hostid']; +- $item['name'] = $items[$item['itemid']]['name']; +- $item['key_'] = $items[$item['itemid']]['key_']; +- $item['flags'] = $items[$item['itemid']]['flags']; ++ $item['host'] = $host['name']; ++ $item['hostid'] = $items[$item['itemid']]['hostid']; ++ $item['name'] = $items[$item['itemid']]['name']; ++ $item['key_'] = $items[$item['itemid']]['key_']; ++ $item['flags'] = $items[$item['itemid']]['flags']; ++ } ++ unset($item); ++ $data['items'] = CMacrosResolverHelper::resolveItemNames($data['items']); + } +- unset($item); +- +- $data['items'] = CMacrosResolverHelper::resolveItemNames($data['items']); + } + + $data['items'] = array_values($data['items']); +diff --git a/ui/include/views/configuration.graph.edit.php b/ui/include/views/configuration.graph.edit.php +index 73eda44..9a71857 100644 +--- a/ui/include/views/configuration.graph.edit.php ++++ b/ui/include/views/configuration.graph.edit.php +@@ -433,6 +433,10 @@ $items_table->addRow( + ); + + foreach ($this->data['items'] as $n => $item) { ++ if (!$item['itemid']) { ++ continue; ++ } ++ + $name = $item['host'].NAME_DELIMITER.$item['name_expanded']; + + if (zbx_empty($item['drawtype'])) { +-- +2.27.0 + diff --git a/zabbix.spec b/zabbix.spec index ae7dc4a21089c72bd6238ae5cdf92f27bbafa704..80da4b347b8dc406b5db19aef7bc443a187d44bf 100644 --- a/zabbix.spec +++ b/zabbix.spec @@ -1,6 +1,6 @@ Name: zabbix Version: 5.2.6 -Release: 5 +Release: 6 Summary: The Enterprise-class open source monitoring solution License: GPLv2+ URL: http://www.zabbix.com/ @@ -29,6 +29,7 @@ Source23: gomodules-for-x86.tar.gz Patch0: config.patch Patch1: fping3-sourceip-option.patch Patch2: fix-x86-failed-offline.patch +Patch3: fix-CVE-2022-35230.patch Buildroot: %{_tmppath}/zabbix-%{version}-%{release}-root-%(%{__id_u} -n) @@ -316,6 +317,7 @@ Zabbix java gateway %prep %setup0 -q -n %{name}-%{version}%{?alphatag} +%patch3 -p1 if ping -c 3 -w 20 8.8.8.8; then echo "Internet ok" @@ -1115,6 +1117,9 @@ fi %changelog +* Mon Aug 12 2024 baiguo - 5.2.6-6 +- fix CVE-2022-35230 + * Sat Oct 28 2023 beta - 5.2.6-5 - solve installation conflicts between zabbix-proxy-sqlite3 and zabbix-proxy-mysql