Описание
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| icinga2 | fixed | 2.15.1-1 | package | |
| icinga2 | no-dsa | trixie | package | |
| icinga2 | no-dsa | bookworm | package | |
| icinga2 | postponed | bullseye | package |
Примечания
https://github.com/Icinga/icinga2/security/advisories/GHSA-v9jg-xqhj-f43g
https://github.com/Icinga/icinga2/commit/0dadce2b972f1d8d9f9b11f3a4eb9604b79cacb2 (v2.15.1)
https://github.com/Icinga/icinga2/commit/0d737e263a2244be07da85e5c5d6d914888255d4 (v2.14.7)
https://github.com/Icinga/icinga2/commit/b7549d09f64b05edb57d568a94e0df45d3b7cfd3 (v2.13.13)
https://icinga.com/blog/releasing-icinga-2-v2-15-1-2-14-7-and-2-13-13-and-icinga-db-web-v1-2-3-and-1-1-4/
Связанные уязвимости
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.
Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13.