icinga2-2.14.6-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15180-1 Final 1 1 2025-05-30T00:00:00Z current 2025-05-30T00:00:00Z 2025-05-30T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z icinga2-2.14.6-1.1 on GA media These are all security issues fixed in the icinga2-2.14.6-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15180 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PMOYZI6ZEZAH5LWUMEKA4PQC52MM7SME/ E-Mail link for openSUSE-SU-2025:15180-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-48057/ SUSE CVE CVE-2025-48057 page openSUSE Tumbleweed icinga2-2.14.6-1.1 icinga2-bin-2.14.6-1.1 icinga2-common-2.14.6-1.1 icinga2-doc-2.14.6-1.1 icinga2-ido-mysql-2.14.6-1.1 icinga2-ido-pgsql-2.14.6-1.1 nano-icinga2-2.14.6-1.1 vim-icinga2-2.14.6-1.1 icinga2-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-bin-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-common-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-doc-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-ido-mysql-2.14.6-1.1 as a component of openSUSE Tumbleweed icinga2-ido-pgsql-2.14.6-1.1 as a component of openSUSE Tumbleweed nano-icinga2-2.14.6-1.1 as a component of openSUSE Tumbleweed vim-icinga2-2.14.6-1.1 as a component of openSUSE Tumbleweed Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6. CVE-2025-48057 openSUSE Tumbleweed:icinga2-2.14.6-1.1 openSUSE Tumbleweed:icinga2-bin-2.14.6-1.1 openSUSE Tumbleweed:icinga2-common-2.14.6-1.1 openSUSE Tumbleweed:icinga2-doc-2.14.6-1.1 openSUSE Tumbleweed:icinga2-ido-mysql-2.14.6-1.1 openSUSE Tumbleweed:icinga2-ido-pgsql-2.14.6-1.1 openSUSE Tumbleweed:nano-icinga2-2.14.6-1.1 openSUSE Tumbleweed:vim-icinga2-2.14.6-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PMOYZI6ZEZAH5LWUMEKA4PQC52MM7SME/ https://www.suse.com/security/cve/CVE-2025-48057.html CVE-2025-48057 https://bugzilla.suse.com/1243747 SUSE Bug 1243747