icinga2-2.14.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14493-1 Final 1 1 2024-11-14T00:00:00Z current 2024-11-14T00:00:00Z 2024-11-14T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z icinga2-2.14.3-1.1 on GA media These are all security issues fixed in the icinga2-2.14.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14493 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRICGA55WXXGHCSKSOD24SNS4LQXWB65/ E-Mail link for openSUSE-SU-2024:14493-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-49369/ SUSE CVE CVE-2024-49369 page openSUSE Tumbleweed icinga2-2.14.3-1.1 icinga2-bin-2.14.3-1.1 icinga2-common-2.14.3-1.1 icinga2-doc-2.14.3-1.1 icinga2-ido-mysql-2.14.3-1.1 icinga2-ido-pgsql-2.14.3-1.1 nano-icinga2-2.14.3-1.1 vim-icinga2-2.14.3-1.1 icinga2-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-bin-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-common-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-doc-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-ido-mysql-2.14.3-1.1 as a component of openSUSE Tumbleweed icinga2-ido-pgsql-2.14.3-1.1 as a component of openSUSE Tumbleweed nano-icinga2-2.14.3-1.1 as a component of openSUSE Tumbleweed vim-icinga2-2.14.3-1.1 as a component of openSUSE Tumbleweed Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted cluster nodes as well as any API users that use TLS client certificates for authentication (ApiUser objects with the client_cn attribute set). This vulnerability has been fixed in v2.14.3, v2.13.10, v2.12.11, and v2.11.12. CVE-2024-49369 openSUSE Tumbleweed:icinga2-2.14.3-1.1 openSUSE Tumbleweed:icinga2-bin-2.14.3-1.1 openSUSE Tumbleweed:icinga2-common-2.14.3-1.1 openSUSE Tumbleweed:icinga2-doc-2.14.3-1.1 openSUSE Tumbleweed:icinga2-ido-mysql-2.14.3-1.1 openSUSE Tumbleweed:icinga2-ido-pgsql-2.14.3-1.1 openSUSE Tumbleweed:nano-icinga2-2.14.3-1.1 openSUSE Tumbleweed:vim-icinga2-2.14.3-1.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BRICGA55WXXGHCSKSOD24SNS4LQXWB65/ https://www.suse.com/security/cve/CVE-2024-49369.html CVE-2024-49369 https://bugzilla.suse.com/1233310 SUSE Bug 1233310