openSUSE: 2021:1089-1 Moderate: Icinga2 API Exposure and Security Fix

July 24, 2021
A recent patch for icinga2 on openSUSE improves system integrity and addresses vulnerabilities related to API visibility.
An update that fixes three vulnerabilities is now available.

Description

This update for icinga2 fixes the following issues:

icinga2 was updated to 2.12.5:

Version 2.12.5 fixes two security vulnerabilities that may lead to privilege escalation for authenticated API users. Other improvements include several bugfixes related to downtimes, downtime notifications, and more reliable connection handling.

* Security

- Don't expose the PKI ticket salt via the API. This may lead to privilege escalation for authenticated API users by them being able to request certificates for other identities (CVE-2021-32739)

- Don't expose IdoMysqlConnection, IdoPgsqlConnection, and ElasticsearchWriter passwords via the API (CVE-2021-32743)

Depending on your setup, manual intervention beyond installing the new versions may be required, so please read the more detailed information in the release blog post carefully.

* Bugfixes

- Don't send downtime end notification if downtime hasn't...

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1089=1

- openSUSE Backports SLE-15-SP3:

zypper in -t patch openSUSE-2021-1089=1

- openSUSE Backports SLE-15-SP2:

zypper in -t patch openSUSE-2021-1089=1

- openSUSE Backports SLE-15-SP1:

zypper in -t patch openSUSE-2021-1089=1

Package List

- openSUSE Leap 15.2 (x86_64):

icinga2-2.12.5-lp152.3.9.1
icinga2-bin-2.12.5-lp152.3.9.1
icinga2-bin-debuginfo-2.12.5-lp152.3.9.1
icinga2-common-2.12.5-lp152.3.9.1
icinga2-debuginfo-2.12.5-lp152.3.9.1
icinga2-debugsource-2.12.5-lp152.3.9.1
icinga2-doc-2.12.5-lp152.3.9.1
icinga2-ido-mysql-2.12.5-lp152.3.9.1
icinga2-ido-mysql-debuginfo-2.12.5-lp152.3.9.1
icinga2-ido-pgsql-2.12.5-lp152.3.9.1
icinga2-ido-pgsql-debuginfo-2.12.5-lp152.3.9.1
nano-icinga2-2.12.5-lp152.3.9.1
vim-icinga2-2.12.5-lp152.3.9.1

- openSUSE Backports SLE-15-SP3 (aarch64 ppc64le x86_64):

icinga2-2.12.5-bp153.2.5.1
icinga2-bin-2.12.5-bp153.2.5.1
icinga2-bin-debuginfo-2.12.5-bp153.2.5.1
icinga2-common-2.12.5-bp153.2.5.1
icinga2-debuginfo-2.12.5-bp153.2.5.1
icinga2-debugsource-2.12.5-bp153.2.5.1
icinga2-doc-2.12.5-bp153.2.5.1
icinga2-ido-mysql-2.12.5-bp153.2.5.1
icinga2-ido-mysql-debuginfo-2.12.5-bp153.2.5.1
icinga2-ido-pgsql-2.12.5-bp153.2.5.1
icinga2-ido-pgsql-debuginfo-2.12.5-bp153.2.5.1
nano-icinga2-2.12.5-bp153.2.5.1
vim-icinga2-2.12.5-bp153.2....
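
A post-patch check for the Leap 15.2 packages listed above, as an added example that is not part of the advisory: it reads a "name version-release" inventory and reports every icinga2 package still older than the fixed build. The sample inventory is constructed, the function names are hypothetical, and GNU `sort -V` stands in as an approximation of RPM's own version comparison.

```shell
#!/usr/bin/env bash
# Fixed version-release for openSUSE Leap 15.2, taken from the package list above.
FIXED="2.12.5-lp152.3.9.1"

# Constructed sample inventory ("name version-release" per line). On a real host:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' '*icinga2*'
SAMPLE_INVENTORY='icinga2 2.12.5-lp152.3.9.1
icinga2-bin 2.12.4-lp152.3.6.1
icinga2-common 2.12.5-lp152.3.9.1
icinga2-ido-mysql 2.12.3-lp152.3.3.1
vim-icinga2 2.12.5-lp152.3.9.1'

# ver_lt A B: succeeds when A sorts strictly before B under GNU sort -V
# (an approximation of RPM's own comparison, adequate for these strings).
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# outdated_packages: reads "name version-release" lines on stdin and prints
# every package that is still older than the fixed build.
outdated_packages() {
    while read -r name evr; do
        [ -n "$name" ] || continue
        if ver_lt "$evr" "$FIXED"; then
            printf '%s %s\n' "$name" "$evr"
        fi
    done
}

# Stand-alone run against the constructed sample.
printf '%s\n' "$SAMPLE_INVENTORY" | outdated_packages
```

For the Backports products, set `FIXED` to the corresponding build from the package list before running the check.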

References

https://www.suse.com/security/cve/CVE-2020-29663.html

https://www.suse.com/security/cve/CVE-2021-32739.html

https://www.suse.com/security/cve/CVE-2021-32743.html

Announcement ID: openSUSE-SU-2021:1089-1
Rating: moderate
Affected Products: openSUSE Leap 15.2, openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP2, openSUSE Backports SLE-15-SP1
