Overview Repositories Revisions Requests Users Attributes Meta
Security update for icinga

This update for icinga fixes the following issues:

Update to 1.14.0

- CVE-2015-8010: Fixed XSS in the icinga classic UI (boo#952777)
- CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for files/dirs created by root (boo#1011630 and boo#1018047)
- CVE-2016-0726: removed the pre-configured administrative account with fixed password for the WebUI - (boo#961115)

Fixed bugs
bnc#1011630
VUL-0: CVE-2016-8641: icinga,nagios: Unsafe ownership change leading to privilege escalation
bnc#961115
VUL-1: CVE-2016-0726: icinga: Configured administrative account with fixed password and no IP restriction as default
bnc#1018047
VUL-1: CVE-2016-10089: nagios,icinga: root privilege escalation (hardlink)
bnc#952777
VUL-0: CVE-2015-8010: icinga: XSS in Icinga Classic-UI
CVE-2016-10089
CVE-2016-8641
CVE-2016-0726
CVE-2015-8010
Selected Binaries
openSUSE Build Service is sponsored by
Places