openSUSE-SU-2017:0146-1

Published: 16 Jan 2017
Source: suse-cvrf

Description

Security update for icinga

This update for icinga includes various upstream fixes and the following security fixes:

  • icinga was updated to version 1.14.0
  • the classic-UI was vulnerable to a cross-site scripting attack (CVE-2015-8010, boo#952777)
  • A user with nagios privileges could have gained root privileges by placing a symbolic link at the logfile location (CVE-2016-9566, boo#1014637)

Package list

openSUSE Leap 42.1
icinga-1.14.0-4.1
icinga-devel-1.14.0-4.1
icinga-doc-1.14.0-4.1
icinga-idoutils-1.14.0-4.1
icinga-idoutils-mysql-1.14.0-4.1
icinga-idoutils-oracle-1.14.0-4.1
icinga-idoutils-pgsql-1.14.0-4.1
icinga-plugins-downtimes-1.14.0-4.1
icinga-plugins-eventhandlers-1.14.0-4.1
icinga-www-1.14.0-4.1
icinga-www-config-1.14.0-4.1
monitoring-tools-1.14.0-4.1
openSUSE Leap 42.2
icinga-1.14.0-4.1
icinga-devel-1.14.0-4.1
icinga-doc-1.14.0-4.1
icinga-idoutils-1.14.0-4.1
icinga-idoutils-mysql-1.14.0-4.1
icinga-idoutils-oracle-1.14.0-4.1
icinga-idoutils-pgsql-1.14.0-4.1
icinga-plugins-downtimes-1.14.0-4.1
icinga-plugins-eventhandlers-1.14.0-4.1
icinga-www-1.14.0-4.1
icinga-www-config-1.14.0-4.1
monitoring-tools-1.14.0-4.1

Description

Cross-site scripting (XSS) vulnerability in the Classic-UI with the CSV export link and pagination feature in Icinga before 1.14 allows remote attackers to inject arbitrary web script or HTML via the query string to cgi-bin/status.cgi.


Affected products
openSUSE Leap 42.1:icinga-1.14.0-4.1
openSUSE Leap 42.1:icinga-devel-1.14.0-4.1
openSUSE Leap 42.1:icinga-doc-1.14.0-4.1
openSUSE Leap 42.1:icinga-idoutils-1.14.0-4.1

Description

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.


Affected products
openSUSE Leap 42.1:icinga-1.14.0-4.1
openSUSE Leap 42.1:icinga-devel-1.14.0-4.1
openSUSE Leap 42.1:icinga-doc-1.14.0-4.1
openSUSE Leap 42.1:icinga-idoutils-1.14.0-4.1
