File _patchinfo of Package patchinfo.8906

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.8906

<patchinfo incident="8906">
  <issue tracker="bnc" id="1011630">VUL-0: CVE-2016-8641: icinga,nagios: Unsafe ownership change leading to privilege escalation</issue>
  <issue tracker="bnc" id="961115">VUL-1: CVE-2016-0726: icinga: Configured administrative account with fixed password and no IP restriction as default</issue>
  <issue tracker="bnc" id="1018047">VUL-1: CVE-2016-10089: nagios,icinga: root privilege escalation (hardlink)</issue>
  <issue tracker="bnc" id="952777">VUL-0: CVE-2015-8010: icinga: XSS in Icinga Classic-UI</issue>
  <issue tracker="cve" id="2016-10089"/>
  <issue tracker="cve" id="2016-8641"/>
  <issue tracker="cve" id="2016-0726"/>
  <issue tracker="cve" id="2015-8010"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>lrupp</packager>
  <description>This update for icinga fixes the following issues:

Update to 1.14.0

- CVE-2015-8010: Fixed XSS in the icinga classic UI (boo#952777)
- CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for files/dirs created by root (boo#1011630 and boo#1018047)
- CVE-2016-0726: removed the pre-configured administrative account with fixed password for the WebUI - (boo#961115)

</description>
  <summary>Security update for icinga</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.8906

Places