icinga-1.13.3-2.4 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10182 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z icinga-1.13.3-2.4 on GA media These are all security issues fixed in the icinga-1.13.3-2.4 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10182 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10182 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2012-6096/ SUSE CVE CVE-2012-6096 page https://www.suse.com/security/cve/CVE-2013-7107/ SUSE CVE CVE-2013-7107 page https://www.suse.com/security/cve/CVE-2013-7108/ SUSE CVE CVE-2013-7108 page https://www.suse.com/security/cve/CVE-2014-2386/ SUSE CVE CVE-2014-2386 page openSUSE Tumbleweed icinga-1.13.3-2.4 icinga-devel-1.13.3-2.4 icinga-doc-1.13.3-2.4 icinga-idoutils-1.13.3-2.4 icinga-idoutils-mysql-1.13.3-2.4 icinga-idoutils-oracle-1.13.3-2.4 icinga-idoutils-pgsql-1.13.3-2.4 icinga-plugins-downtimes-1.13.3-2.4 icinga-plugins-eventhandlers-1.13.3-2.4 icinga-www-1.13.3-2.4 icinga-www-config-1.13.3-2.4 monitoring-tools-1.13.3-2.4 icinga-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-devel-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-doc-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-mysql-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-oracle-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-idoutils-pgsql-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-plugins-downtimes-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-plugins-eventhandlers-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-www-1.13.3-2.4 as a component of openSUSE Tumbleweed icinga-www-config-1.13.3-2.4 as a component of openSUSE Tumbleweed monitoring-tools-1.13.3-2.4 as a component of openSUSE Tumbleweed Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow remote attackers to execute arbitrary code via a long (1) host_name variable (host parameter) or (2) svc_description variable. CVE-2012-6096 openSUSE Tumbleweed:icinga-1.13.3-2.4 openSUSE Tumbleweed:icinga-devel-1.13.3-2.4 openSUSE Tumbleweed:icinga-doc-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-mysql-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-oracle-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-pgsql-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-downtimes-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-eventhandlers-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-config-1.13.3-2.4 openSUSE Tumbleweed:monitoring-tools-1.13.3-2.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2012-6096.html CVE-2012-6096 https://bugzilla.suse.com/797237 SUSE Bug 797237 Cross-site request forgery (CSRF) vulnerability in cmd.cgi in Icinga 1.8.5, 1.9.4, 1.10.2, and earlier allows remote attackers to hijack the authentication of users for unspecified commands via unspecified vectors, as demonstrated by bypassing authentication requirements for CVE-2013-7106. CVE-2013-7107 openSUSE Tumbleweed:icinga-1.13.3-2.4 openSUSE Tumbleweed:icinga-devel-1.13.3-2.4 openSUSE Tumbleweed:icinga-doc-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-mysql-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-oracle-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-pgsql-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-downtimes-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-eventhandlers-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-config-1.13.3-2.4 openSUSE Tumbleweed:monitoring-tools-1.13.3-2.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7107.html CVE-2013-7107 https://bugzilla.suse.com/859424 SUSE Bug 859424 Multiple off-by-one errors in Nagios Core 3.5.1, 4.0.2, and earlier, and Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to obtain sensitive information from process memory or cause a denial of service (crash) via a long string in the last key value in the variable list to the process_cgivars function in (1) avail.c, (2) cmd.c, (3) config.c, (4) extinfo.c, (5) histogram.c, (6) notifications.c, (7) outages.c, (8) status.c, (9) statusmap.c, (10) summary.c, and (11) trends.c in cgi/, which triggers a heap-based buffer over-read. CVE-2013-7108 openSUSE Tumbleweed:icinga-1.13.3-2.4 openSUSE Tumbleweed:icinga-devel-1.13.3-2.4 openSUSE Tumbleweed:icinga-doc-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-mysql-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-oracle-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-pgsql-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-downtimes-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-eventhandlers-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-config-1.13.3-2.4 openSUSE Tumbleweed:monitoring-tools-1.13.3-2.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2013-7108.html CVE-2013-7108 https://bugzilla.suse.com/856837 SUSE Bug 856837 Multiple off-by-one errors in Icinga, possibly 1.10.2 and earlier, allow remote attackers to cause a denial of service (crash) via unspecified vectors to the (1) display_nav_table, (2) print_export_link, (3) page_num_selector, or (4) page_limit_selector function in cgi/cgiutils.c or (5) status_page_num_selector function in cgi/status.c, which triggers a stack-based buffer overflow. CVE-2014-2386 openSUSE Tumbleweed:icinga-1.13.3-2.4 openSUSE Tumbleweed:icinga-devel-1.13.3-2.4 openSUSE Tumbleweed:icinga-doc-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-mysql-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-oracle-1.13.3-2.4 openSUSE Tumbleweed:icinga-idoutils-pgsql-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-downtimes-1.13.3-2.4 openSUSE Tumbleweed:icinga-plugins-eventhandlers-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-1.13.3-2.4 openSUSE Tumbleweed:icinga-www-config-1.13.3-2.4 openSUSE Tumbleweed:monitoring-tools-1.13.3-2.4 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-2386.html CVE-2014-2386 https://bugzilla.suse.com/868426 SUSE Bug 868426