Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

openSUSE: icinga-php-library icingaweb2 Moderate XSS Risk 2025:0473-1

opensuse
Calendar Grey December 18, 2025
Dist Opensuse Esm H88
Identify and resolve security issues with icinga-php-library and icingaweb2 on openSUSE, rated moderate.
An update that fixes four vulnerabilities is now available.

Description

This update for icinga-php-library, icingaweb2 fixes the following issues:

Changes in icingaweb2:

- Update to 2.12.6

- Search box shows many magnifying glasses for some community themes

#5395

- Authentication hooks are not called with external backends #5415

- Improve Minimal layout #5386

- Update to 2.12.5

* PHP 8.4 Support We're again a little behind schedule, but now we

support PHP 8.4! This means that installations on Ubuntu 25.04 and

Fedora 42+ can now install Icinga Web without worrying about PHP

related incompatibilities. Icinga packages will be available in the

next few days.

* Good Things Take Time There's only a single (notable) recent issue

that is fixed with this release. All the others are a bit older.

- External URLs set up as dashlets are not embedded the same as

navigation items #5346

* But the team sat together a few weeks ago and fixed a bug here and

there....

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory moderate XSS OpenSUSE icingaweb2 icinga-php-library

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-473=1

Package List

- openSUSE Backports SLE-15-SP7 (noarch):

icinga-php-library-0.17.0-bp157.2.3.1

icingacli-2.12.6-bp157.2.3.1

icingaweb2-2.12.6-bp157.2.3.1

icingaweb2-common-2.12.6-bp157.2.3.1

icingaweb2-php-fpm-2.12.6-bp157.2.3.1

php-icinga-2.12.6-bp157.2.3.1

References

https://www.suse.com/security/cve/CVE-2025-27404.html

https://www.suse.com/security/cve/CVE-2025-27405.html

https://www.suse.com/security/cve/CVE-2025-27609.html

https://www.suse.com/security/cve/CVE-2025-30164.html

Announcement ID: openSUSE-SU-2025:0473-1
Rating: moderate
Affected Products: openSUSE Backports SLE-15-SP7

Topics%20covered

Topics Covered

security advisory moderate XSS OpenSUSE icingaweb2 icinga-php-library

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here