
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Gentoo: GLSA-202007-31 High Severity: Icinga Root Privilege Escalation

Icinga installs files with insecure permissions allowing root privilege escalation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 202007-31
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: High
    Title: Icinga: Root privilege escalation
     Date: July 27, 2020
     Bugs: #638186
       ID: 202007-31

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Icinga installs files with insecure permissions allowing root privilege escalation.

Background
==========

Icinga is an open source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/icinga        < 1.14.2                   Vulnerable!
    -------------------------------------------------------------------
     NOTE: Certain packages are still vulnerable. Users should migrate
           to another package if one is available or wait for the
           existing packages to be marked stable by their
           architecture maintainers.

Description
===========

It was discovered that Icinga's installed files have insecure permissions, possibly allowing root privilege escalation.

Impact
======

A local attacker could escalate privileges to root.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

Gentoo has discontinued support for Icinga. We recommend that users unmerge Icinga:

  # emerge --unmerge "net-analyzer/icinga"

NOTE: The Gentoo developer(s) maintaining Icinga have discontinued support at this time. It may be possible that a new Gentoo developer will update Icinga at a later date. The natural replacement is Icinga 2 (net-analyzer/icinga2).

References
==========

[ 1 ] CVE-2017-16882
      https://nvd.nist.gov/vuln/detail/CVE-2017-16882

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/202007-31

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2020 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Icinga configuration files show vulnerable access rights that could allow privilege escalation; it is recommended that Gentoo users remove Icinga from their systems.

root Privilege Escalation, Icinga Security Issue, Gentoo Advisory, Insecure Permissions.

LinuxSecurity.com Team

Jul 26, 2020 | Gentoo

SUSE: 2018:3620-1 Moderate: Icinga Symlink And XSS Issues

An update that fixes three vulnerabilities is now available.

   SUSE Security Update: Security update for icinga
______________________________________________________________________________

Announcement ID:    SUSE-SU-2018:3620-1
Rating:             moderate
References:         #1011630 #1018047 #952777
Cross-References:   CVE-2015-8010 CVE-2016-10089 CVE-2016-8641
Affected Products:
                    SUSE Manager Tools 12
                    SUSE Enterprise Storage 4
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:

   This update for icinga fixes the following issues:

   Security issues fixed:

   - CVE-2015-8010: Fixed XSS in the icinga classic UI (boo#952777)
   - CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for
     files/dirs created by root (boo#1011630 and boo#1018047)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-2018-2580=1

   - SUSE Enterprise Storage 4:

      zypper in -t patch SUSE-Storage-4-2018-2580=1

Package List:

   - SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):

      icinga-1.13.3-12.3.1
      icinga-debuginfo-1.13.3-12.3.1
      icinga-debugsource-1.13.3-12.3.1
      icinga-devel-1.13.3-12.3.1
      icinga-doc-1.13.3-12.3.1
      icinga-idoutils-1.13.3-12.3.1
      icinga-idoutils-mysql-1.13.3-12.3.1
      icinga-idoutils-oracle-1.13.3-12.3.1
      icinga-idoutils-pgsql-1.13.3-12.3.1
      icinga-plugins-downtimes-1.13.3-12.3.1
      icinga-plugins-eventhandlers-1.13.3-12.3.1
      icinga-www-1.13.3-12.3.1
      icinga-www-config-1.13.3-12.3.1
      monitoring-tools-1.13.3-12.3.1

   - SUSE Enterprise Storage 4 (aarch64 x86_64):

      icinga-1.13.3-12.3.1
      icinga-debuginfo-1.13.3-12.3.1
      icinga-debugsource-1.13.3-12.3.1

References:

   https://www.suse.com/security/cve/CVE-2015-8010.html
   https://www.suse.com/security/cve/CVE-2016-10089.html
   https://www.suse.com/security/cve/CVE-2016-8641.html
   https://bugzilla.suse.com/1011630
   https://bugzilla.suse.com/1018047
   https://bugzilla.suse.com/952777

_______________________________________________
sle-security-updates mailing list
[email protected]
http://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE has announced a security update for Icinga that resolves various vulnerabilities found within the software. Refer to the official documentation for comprehensive patch guidance.

SUSE Security Update, icinga, symlink attacks, XSS, patch instructions.

LinuxSecurity.com Team

Nov 05, 2018 | SuSE

openSUSE Leap 42.3 openSUSE-SU-2018:3258-1 moderate: icinga security update

An update that fixes four vulnerabilities is now available.

   openSUSE Security Update: Security update for icinga
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2018:3258-1
Rating:             moderate
References:         #1011630 #1018047 #952777 #961115
Cross-References:   CVE-2015-8010 CVE-2016-0726 CVE-2016-10089 CVE-2016-8641
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

   An update that fixes four vulnerabilities is now available.

Description:

   This update for icinga fixes the following issues:

   Update to 1.14.0

   - CVE-2015-8010: Fixed XSS in the icinga classic UI (boo#952777)
   - CVE-2016-8641 / CVE-2016-10089: fixed a possible symlink attack for
     files/dirs created by root (boo#1011630 and boo#1018047)
   - CVE-2016-0726: removed the pre-configured administrative account with
     fixed password for the WebUI - (boo#961115)

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.3:

      zypper in -t patch openSUSE-2018-1206=1

Package List:

   - openSUSE Leap 42.3 (x86_64):

      icinga-1.14.0-8.3.2
      icinga-debuginfo-1.14.0-8.3.2
      icinga-debugsource-1.14.0-8.3.2
      icinga-devel-1.14.0-8.3.2
      icinga-doc-1.14.0-8.3.2
      icinga-idoutils-1.14.0-8.3.2
      icinga-idoutils-debuginfo-1.14.0-8.3.2
      icinga-idoutils-mysql-1.14.0-8.3.2
      icinga-idoutils-oracle-1.14.0-8.3.2
      icinga-idoutils-pgsql-1.14.0-8.3.2
      icinga-plugins-downtimes-1.14.0-8.3.2
      icinga-plugins-eventhandlers-1.14.0-8.3.2
      icinga-www-1.14.0-8.3.2
      icinga-www-config-1.14.0-8.3.2
      icinga-www-debuginfo-1.14.0-8.3.2
      monitoring-tools-1.14.0-8.3.2
      monitoring-tools-debuginfo-1.14.0-8.3.2

References:

   https://www.suse.com/security/cve/CVE-2015-8010.html
   https://www.suse.com/security/cve/CVE-2016-0726.html
   https://www.suse.com/security/cve/CVE-2016-10089.html
   https://www.suse.com/security/cve/CVE-2016-8641.html
   https://bugzilla.suse.com/1011630
   https://bugzilla.suse.com/1018047
   https://bugzilla.suse.com/952777
   https://bugzilla.suse.com/961115

A fresh update has been released for icinga on openSUSE Leap 42.3, resolving various concerns and improving protection protocols.

openSUSE Update, Icinga Security Patch, Software Fixes.

LinuxSecurity.com Team

Oct 19, 2018 | OpenSUSE

openSUSE: 2017:0146-1 Important: Icinga XSS And Privilege Escalation

An update that fixes two vulnerabilities is now available.

   openSUSE Security Update: Security update for icinga
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2017:0146-1
Rating:             important
References:         #1014637 #952777
Cross-References:   CVE-2015-8010 CVE-2016-9566
Affected Products:
                    openSUSE Leap 42.2
                    openSUSE Leap 42.1
______________________________________________________________________________

   An update that fixes two vulnerabilities is now available.

Description:

   This update for icinga includes various upstream fixes and the following security fixes:

   - icinga was updated to version 1.14.0
   - the classic-UI was vulnerable to a cross site scripting attack
     (CVE-2015-8010, boo#952777)
   - A user with nagios privileges could have gained root privileges by
     placing a symbolic link at the logfile location (CVE-2016-9566,
     boo#1014637)

Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE Leap 42.2:

      zypper in -t patch openSUSE-2017-100=1

   - openSUSE Leap 42.1:

      zypper in -t patch openSUSE-2017-100=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - openSUSE Leap 42.2 (x86_64):

      icinga-1.14.0-4.1
      icinga-debuginfo-1.14.0-4.1
      icinga-debugsource-1.14.0-4.1
      icinga-devel-1.14.0-4.1
      icinga-doc-1.14.0-4.1
      icinga-idoutils-1.14.0-4.1
      icinga-idoutils-debuginfo-1.14.0-4.1
      icinga-idoutils-mysql-1.14.0-4.1
      icinga-idoutils-oracle-1.14.0-4.1
      icinga-idoutils-pgsql-1.14.0-4.1
      icinga-plugins-downtimes-1.14.0-4.1
      icinga-plugins-eventhandlers-1.14.0-4.1
      icinga-www-1.14.0-4.1
      icinga-www-config-1.14.0-4.1
      icinga-www-debuginfo-1.14.0-4.1
      monitoring-tools-1.14.0-4.1
      monitoring-tools-debuginfo-1.14.0-4.1

   - openSUSE Leap 42.1 (i586 x86_64):

      icinga-1.14.0-3.1
      icinga-debuginfo-1.14.0-3.1
      icinga-debugsource-1.14.0-3.1
      icinga-devel-1.14.0-3.1
      icinga-doc-1.14.0-3.1
      icinga-idoutils-1.14.0-3.1
      icinga-idoutils-debuginfo-1.14.0-3.1
      icinga-idoutils-mysql-1.14.0-3.1
      icinga-idoutils-oracle-1.14.0-3.1
      icinga-idoutils-pgsql-1.14.0-3.1
      icinga-plugins-downtimes-1.14.0-3.1
      icinga-plugins-eventhandlers-1.14.0-3.1
      icinga-www-1.14.0-3.1
      icinga-www-config-1.14.0-3.1
      icinga-www-debuginfo-1.14.0-3.1
      monitoring-tools-1.14.0-3.1
      monitoring-tools-debuginfo-1.14.0-3.1

References:

   https://www.suse.com/security/cve/CVE-2015-8010.html
   https://www.suse.com/security/cve/CVE-2016-9566.html
   https://bugzilla.suse.com/1014637
   https://bugzilla.suse.com/952777

An essential update for openSUSE icinga addresses vulnerabilities in cross site scripting and privilege escalation, enhancing security for more reliable operation.

openSUSE Security, icinga update, privilege escalation, Cross Site Scripting, security patches.

Severity: Important.

LinuxSecurity.com Team

Jan 16, 2017 | Important | OpenSUSE

Gentoo: GLSA-201612-51 Normal: Icinga Privilege Escalation Threat

A vulnerability in Icinga could lead to privilege escalation.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory                          GLSA 201612-51
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
                                          https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 Severity: Normal
    Title: Icinga: Privilege escalation
     Date: December 31, 2016
     Bugs: #603534
       ID: 201612-51

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

A vulnerability in Icinga could lead to privilege escalation.

Background
==========

Icinga is an open source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  net-analyzer/icinga        < 1.13.4                     >= 1.13.4

Description
===========

Icinga daemon was found to perform unsafe operations when handling the log file.

Impact
======

A local attacker, who either is already Icinga's system user or belongs to Icinga's group, could potentially escalate privileges.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Icinga users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-analyzer/icinga-1.13.4"

References
==========

[ 1 ] CVE-2016-9566
      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-9566

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 https://security.gentoo.org/glsa/201612-51

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to [email protected] or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2016 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5/

Gentoo GLSA 202204-17 alerts users about a vulnerability in Nagios allowing unauthorized access. Ensure you update to protect your system from potential threats.

Icinga Privilege Escalation, Gentoo Security Advisory, System Monitoring Vulnerability.

LinuxSecurity.com Team

Dec 31, 2016 | Gentoo

Debian: DSA-2956-1 Critical Icinga Risks: Code Execution and DoS

Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2956-1                     [email protected]
http://www.debian.org/security/                        Moritz Muehlenhoff
June 11, 2014                          http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icinga
CVE ID         : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878
                 CVE-2014-2386

Multiple security issues have been found in the Icinga host and network monitoring system (buffer overflows, cross-site request forgery, off-by ones) which could result in the execution of arbitrary code, denial of service or session hijacking.

For the stable distribution (wheezy), these problems have been fixed in version 1.7.1-7.

For the testing distribution (jessie), these problems have been fixed in version 1.11.0-1.

For the unstable distribution (sid), these problems have been fixed in version 1.11.0-1.

We recommend that you upgrade your icinga packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: [email protected]

Vulnerabilities in Icinga compromise reliability; patches released for Ubuntu. Stay ahead in your infrastructure supervision.

Icinga Security Update, Debian DSA-2956-1, Network Monitoring Issues.

Severity: Critical.

LinuxSecurity.com Team

Jun 11, 2014 | Critical | Debian

Debian: DSA-2653-1 Critical: Icinga Buffer Overflow Remote Threat

It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program. For the stable distribution (squeeze), this problem has been fixed in ...

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2653-1                     [email protected]
http://www.debian.org/security/                            Florian Weimer
March 26, 2013                         http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icinga
Vulnerability  : buffer overflow
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2012-6096
Debian Bug     : 697931

It was discovered that Icinga, a host and network monitoring system, contains several buffer overflows in the history.cgi CGI program.

For the stable distribution (squeeze), this problem has been fixed in version 1.0.2-2+squeeze1.

For the testing distribution (wheezy), this problem has been fixed in version 1.7.1-5.

For the unstable distribution (sid), this problem has been fixed in version 1.7.1-5.

We recommend that you upgrade your icinga packages.

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/

Mailing list: [email protected]

Boost Icinga to rectify memory overflow issues found in the history.cgi application, ensuring improved security on Debian platforms.

Icinga, Network Monitoring, Debian Update, Buffer Overflow Fix.

Severity: Critical.

LinuxSecurity.com Team

Mar 26, 2013 | Critical | Debian