Security update for icinga2 SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:0371-1 Final 1 1 2024-11-21T14:37:13Z current 2024-11-21T14:37:13Z 2024-11-21T14:37:13Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for icinga2 This update for icinga2 fixes the following issues: Update to 2.13.10: - CVE-2024-49369: Fix TLS certificate validation bypass (bsc#1233310). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-2024-371 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WZZJE5TDFJPSAOPLZPWW67EYXT7Z5WA4/ E-Mail link for openSUSE-SU-2024:0371-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1233310 SUSE Bug 1233310 https://www.suse.com/security/cve/CVE-2024-49369/ SUSE CVE CVE-2024-49369 page SUSE Package Hub 15 SP5 openSUSE Leap 15.5 icinga2-2.13.10-bp155.3.3.1 icinga2-bin-2.13.10-bp155.3.3.1 icinga2-common-2.13.10-bp155.3.3.1 icinga2-doc-2.13.10-bp155.3.3.1 icinga2-ido-mysql-2.13.10-bp155.3.3.1 icinga2-ido-pgsql-2.13.10-bp155.3.3.1 nano-icinga2-2.13.10-bp155.3.3.1 vim-icinga2-2.13.10-bp155.3.3.1 icinga2-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-bin-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-common-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-doc-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-ido-mysql-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-ido-pgsql-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 nano-icinga2-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 vim-icinga2-2.13.10-bp155.3.3.1 as a component of SUSE Package Hub 15 SP5 icinga2-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-bin-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-common-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-doc-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-ido-mysql-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 icinga2-ido-pgsql-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 nano-icinga2-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 vim-icinga2-2.13.10-bp155.3.3.1 as a component of openSUSE Leap 15.5 Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. CVE-2024-49369 SUSE Package Hub 15 SP5:icinga2-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-bin-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-common-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-doc-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-ido-mysql-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:icinga2-ido-pgsql-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:nano-icinga2-2.13.10-bp155.3.3.1 SUSE Package Hub 15 SP5:vim-icinga2-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-bin-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-common-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-doc-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-ido-mysql-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:icinga2-ido-pgsql-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:nano-icinga2-2.13.10-bp155.3.3.1 openSUSE Leap 15.5:vim-icinga2-2.13.10-bp155.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/WZZJE5TDFJPSAOPLZPWW67EYXT7Z5WA4/ https://www.suse.com/security/cve/CVE-2024-49369.html CVE-2024-49369 https://bugzilla.suse.com/1233310 SUSE Bug 1233310