openSUSE-SU-2020:1674-1

Опубликовано: 16 окт. 2020

Источник: suse-cvrf

Описание

Security update for icingaweb2

This update for icingaweb2 fixes the following issues:

icingaweb2 was updated to 2.7.4
- CVE-2020-24368: Fixed a path Traversal which could have allowed an attacker to access arbitrary files which are readable by the process running (boo#1175530).

Список пакетов

SUSE Package Hub 12

icingacli-2.7.4-bp152.2.3.1

icingaweb2-2.7.4-bp152.2.3.1

icingaweb2-common-2.7.4-bp152.2.3.1

icingaweb2-vendor-HTMLPurifier-2.7.4-bp152.2.3.1

icingaweb2-vendor-JShrink-2.7.4-bp152.2.3.1

icingaweb2-vendor-Parsedown-2.7.4-bp152.2.3.1

icingaweb2-vendor-dompdf-2.7.4-bp152.2.3.1

icingaweb2-vendor-lessphp-2.7.4-bp152.2.3.1

icingaweb2-vendor-zf1-2.7.4-bp152.2.3.1

php-Icinga-2.7.4-bp152.2.3.1

SUSE Package Hub 15 SP1

icingacli-2.7.4-bp152.2.3.1

icingaweb2-2.7.4-bp152.2.3.1

icingaweb2-common-2.7.4-bp152.2.3.1

icingaweb2-vendor-HTMLPurifier-2.7.4-bp152.2.3.1

icingaweb2-vendor-JShrink-2.7.4-bp152.2.3.1

icingaweb2-vendor-Parsedown-2.7.4-bp152.2.3.1

icingaweb2-vendor-dompdf-2.7.4-bp152.2.3.1

icingaweb2-vendor-lessphp-2.7.4-bp152.2.3.1

icingaweb2-vendor-zf1-2.7.4-bp152.2.3.1

php-Icinga-2.7.4-bp152.2.3.1

SUSE Package Hub 15 SP2

icingacli-2.7.4-bp152.2.3.1

icingaweb2-2.7.4-bp152.2.3.1

icingaweb2-common-2.7.4-bp152.2.3.1

icingaweb2-vendor-HTMLPurifier-2.7.4-bp152.2.3.1

icingaweb2-vendor-JShrink-2.7.4-bp152.2.3.1

icingaweb2-vendor-Parsedown-2.7.4-bp152.2.3.1

icingaweb2-vendor-dompdf-2.7.4-bp152.2.3.1

icingaweb2-vendor-lessphp-2.7.4-bp152.2.3.1

icingaweb2-vendor-zf1-2.7.4-bp152.2.3.1

php-Icinga-2.7.4-bp152.2.3.1

openSUSE Leap 15.1

icingacli-2.7.4-bp152.2.3.1

icingaweb2-2.7.4-bp152.2.3.1

icingaweb2-common-2.7.4-bp152.2.3.1

icingaweb2-vendor-HTMLPurifier-2.7.4-bp152.2.3.1

icingaweb2-vendor-JShrink-2.7.4-bp152.2.3.1

icingaweb2-vendor-Parsedown-2.7.4-bp152.2.3.1

icingaweb2-vendor-dompdf-2.7.4-bp152.2.3.1

icingaweb2-vendor-lessphp-2.7.4-bp152.2.3.1

icingaweb2-vendor-zf1-2.7.4-bp152.2.3.1

php-Icinga-2.7.4-bp152.2.3.1

openSUSE Leap 15.2

icingacli-2.7.4-bp152.2.3.1

icingaweb2-2.7.4-bp152.2.3.1

icingaweb2-common-2.7.4-bp152.2.3.1

icingaweb2-vendor-HTMLPurifier-2.7.4-bp152.2.3.1

icingaweb2-vendor-JShrink-2.7.4-bp152.2.3.1

icingaweb2-vendor-Parsedown-2.7.4-bp152.2.3.1

icingaweb2-vendor-dompdf-2.7.4-bp152.2.3.1

icingaweb2-vendor-lessphp-2.7.4-bp152.2.3.1

icingaweb2-vendor-zf1-2.7.4-bp152.2.3.1

php-Icinga-2.7.4-bp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MNPC46I6BKD5LUID7LW6EIGUPFD6N2U2/
E-Mail link for openSUSE-SU-2020:1674-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1175530
SUSE Bug 1175530
https://www.suse.com/security/cve/CVE-2020-24368/
SUSE CVE CVE-2020-24368 page

Описание

Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2.

Затронутые продукты

SUSE Package Hub 12:icingacli-2.7.4-bp152.2.3.1

SUSE Package Hub 12:icingaweb2-2.7.4-bp152.2.3.1

SUSE Package Hub 12:icingaweb2-common-2.7.4-bp152.2.3.1

SUSE Package Hub 12:icingaweb2-vendor-HTMLPurifier-2.7.4-bp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-24368.html
CVE-2020-24368
https://bugzilla.suse.com/1175530
SUSE Bug 1175530

openSUSE-SU-2020:1674-1

Описание

Список пакетов

SUSE Package Hub 12

SUSE Package Hub 15 SP1

SUSE Package Hub 15 SP2

openSUSE Leap 15.1

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-24368

Описание

Затронутые продукты

Ссылки