Security update for zabbix SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:0483-1 Final 1 1 2026-02-12T16:34:19Z current 2026-02-12T16:34:19Z 2026-02-12T16:34:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for zabbix This update for zabbix fixes the following issues: - CVE-2024-36469: Introduced clamping for mitigation of timing attacks. (bsc#1240676) - CVE-2024-42325: Restricted access to user fields using user.get API method for users of User and Admin type, and restricted access to alert entities using alert.get API method for users of User and Admin types. (bsc#1240678) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2026-483,SUSE-SLE-SERVER-12-SP5-LTSS-EXTENDED-SECURITY-2026-483 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-20260483-1/ Link for SUSE-SU-2026:0483-1 https://lists.suse.com/pipermail/sle-security-updates/2026-February/024148.html E-Mail link for SUSE-SU-2026:0483-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1240676 SUSE Bug 1240676 https://bugzilla.suse.com/1240678 SUSE Bug 1240678 https://www.suse.com/security/cve/CVE-2024-36469/ SUSE CVE CVE-2024-36469 page https://www.suse.com/security/cve/CVE-2024-42325/ SUSE CVE CVE-2024-42325 page SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 zabbix-agent-4.0.12-4.45.1 zabbix-java-gateway-4.0.12-4.45.1 zabbix-phpfrontend-4.0.12-4.45.1 zabbix-proxy-4.0.12-4.45.1 zabbix-proxy-mysql-4.0.12-4.45.1 zabbix-proxy-postgresql-4.0.12-4.45.1 zabbix-proxy-sqlite-4.0.12-4.45.1 zabbix-server-4.0.12-4.45.1 zabbix-server-mysql-4.0.12-4.45.1 zabbix-server-postgresql-4.0.12-4.45.1 zabbix-agent-4.0.12-4.45.1 as a component of SUSE Linux Enterprise Server LTSS Extended Security 12 SP5 Execution time for an unsuccessful login differs when using a non-existing username compared to using an existing one. CVE-2024-36469 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260483-1/ https://www.suse.com/security/cve/CVE-2024-36469.html CVE-2024-36469 https://bugzilla.suse.com/1240676 SUSE Bug 1240676 Zabbix API user.get returns all users that share common group with the calling user. This includes media and other information, such as login attempts, etc. CVE-2024-42325 SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:zabbix-agent-4.0.12-4.45.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-20260483-1/ https://www.suse.com/security/cve/CVE-2024-42325.html CVE-2024-42325 https://bugzilla.suse.com/1240678 SUSE Bug 1240678