Alerts This Week
Warning Icon 1 905
Alerts This Week
Warning Icon 1 905

openSUSE: icinga2 Important TLS Bypass CVE-2024-49369 Advisory 2025:0457-1

opensuse
Calendar Grey December 4, 2025
Dist Opensuse Esm H88
Update resolves important issue with icinga2 related to TLS certificate validation bypass. Immediate action required.
An update that solves one vulnerability and has one errata is now available.

Description

This update for icinga2 fixes the following issues:

- Update to 2.14.5

* Bug Fixes

- Don't close anonymous connections before sending the response for a

certificate request #10337

- Performance data: Don't discard min/max values even if crit/warn

thresholds aren\u2019t given #10339

- Fix a failing test case on systems time_t is only 32 bits #10343

* Documentation

- Document the -X option for the mail-host-notification and

mail-service-notification commands #10335

- Include Nagios in the migration docs #10324

- Remove RHEL 7 from installation instructions #10334

- Add instructions for installing build dependencies on Windows Server

#10336

- Update to 2.14.4

* Crash Fixes

- Invalid DateTime#format() arguments in config and console on Windows

Server 2016 and older. #10112

- Downtime scheduling at runtime with non-existent trigger. #10049

- Object...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory security update important OpenSUSE tls bypass icinga2

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2025-457=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 i586 x86_64):

icinga2-2.14.5-bp157.3.3.1

icinga2-bin-2.14.5-bp157.3.3.1

icinga2-common-2.14.5-bp157.3.3.1

icinga2-doc-2.14.5-bp157.3.3.1

icinga2-ido-mysql-2.14.5-bp157.3.3.1

icinga2-ido-pgsql-2.14.5-bp157.3.3.1

nano-icinga2-2.14.5-bp157.3.3.1

vim-icinga2-2.14.5-bp157.3.3.1

References

https://www.suse.com/security/cve/CVE-2024-49369.html

https://bugzilla.suse.com/1084909

https://bugzilla.suse.com/1233310

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2025:0457-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP7 le.

Topics%20covered

Topics Covered

security advisory security update important OpenSUSE tls bypass icinga2

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here