Security update for icinga
This update for icinga includes various upstream fixes and the following
security security fixes:
- icinga was updated to version 1.14.0
- the classic-UI was vulnerable to a cross site scripting attack
(CVE-2015-8010, boo#952777)
- A user with nagios privileges could have gained root privileges by
placing a symbolic link at the logfile location (CVE-2016-9566,
boo#1014637)
-
Submitted by
Tim Hardeck (thardeck)
Fixed bugs
bnc#1014637
VUL-0: CVE-2016-9566: nagios,icinga: Privilege escalation issue
bnc#952777
VUL-0: CVE-2015-8010: icinga: XSS in Icinga Classic-UI
