icinga2-2.15.1-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15644-1 Final 1 1 2025-10-17T00:00:00Z current 2025-10-17T00:00:00Z 2025-10-17T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z icinga2-2.15.1-1.1 on GA media These are all security issues fixed in the icinga2-2.15.1-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15644 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-61907/ SUSE CVE CVE-2025-61907 page https://www.suse.com/security/cve/CVE-2025-61908/ SUSE CVE CVE-2025-61908 page https://www.suse.com/security/cve/CVE-2025-61909/ SUSE CVE CVE-2025-61909 page openSUSE Tumbleweed icinga2-2.15.1-1.1 icinga2-bin-2.15.1-1.1 icinga2-common-2.15.1-1.1 icinga2-doc-2.15.1-1.1 icinga2-ido-mysql-2.15.1-1.1 icinga2-ido-pgsql-2.15.1-1.1 nano-icinga2-2.15.1-1.1 vim-icinga2-2.15.1-1.1 icinga2-2.15.1-1.1 as a component of openSUSE Tumbleweed icinga2-bin-2.15.1-1.1 as a component of openSUSE Tumbleweed icinga2-common-2.15.1-1.1 as a component of openSUSE Tumbleweed icinga2-doc-2.15.1-1.1 as a component of openSUSE Tumbleweed icinga2-ido-mysql-2.15.1-1.1 as a component of openSUSE Tumbleweed icinga2-ido-pgsql-2.15.1-1.1 as a component of openSUSE Tumbleweed nano-icinga2-2.15.1-1.1 as a component of openSUSE Tumbleweed vim-icinga2-2.15.1-1.1 as a component of openSUSE Tumbleweed Icinga 2 is an open source monitoring system. In Icinga 2 versions 2.4 through 2.15.0, filter expressions provided to the various /v1/objects endpoints could access variables or objects that would otherwise be inaccessible for the user. This allows authenticated API users to learn information that should be hidden from them, including global variables not permitted by the variables permission and objects not permitted by the corresponding objects/query permissions. The vulnerability is fixed in versions 2.15.1, 2.14.7, and 2.13.13. CVE-2025-61907 openSUSE Tumbleweed:icinga2-2.15.1-1.1 openSUSE Tumbleweed:icinga2-bin-2.15.1-1.1 openSUSE Tumbleweed:icinga2-common-2.15.1-1.1 openSUSE Tumbleweed:icinga2-doc-2.15.1-1.1 openSUSE Tumbleweed:icinga2-ido-mysql-2.15.1-1.1 openSUSE Tumbleweed:icinga2-ido-pgsql-2.15.1-1.1 openSUSE Tumbleweed:nano-icinga2-2.15.1-1.1 openSUSE Tumbleweed:vim-icinga2-2.15.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-61907.html CVE-2025-61907 https://bugzilla.suse.com/1252261 SUSE Bug 1252261 Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, when creating an invalid reference, such as a reference to null, dereferencing results in a segmentation fault. This can be used by any API user with access to an API endpoint that allows specifying a filter expression to crash the Icinga 2 daemon. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13. CVE-2025-61908 openSUSE Tumbleweed:icinga2-2.15.1-1.1 openSUSE Tumbleweed:icinga2-bin-2.15.1-1.1 openSUSE Tumbleweed:icinga2-common-2.15.1-1.1 openSUSE Tumbleweed:icinga2-doc-2.15.1-1.1 openSUSE Tumbleweed:icinga2-ido-mysql-2.15.1-1.1 openSUSE Tumbleweed:icinga2-ido-pgsql-2.15.1-1.1 openSUSE Tumbleweed:nano-icinga2-2.15.1-1.1 openSUSE Tumbleweed:vim-icinga2-2.15.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-61908.html CVE-2025-61908 https://bugzilla.suse.com/1252263 SUSE Bug 1252263 Icinga 2 is an open source monitoring system. From 2.10.0 to before 2.15.1, 2.14.7, and 2.13.13, the safe-reload script (also used during systemctl reload icinga2) and logrotate configuration shipped with Icinga 2 read the PID of the main Icinga 2 process from a PID file writable by the daemon user, but send the signal as the root user. This can allow the Icinga user to send signals to processes it would otherwise not permitted to. A fix is included in the following Icinga 2 versions: 2.15.1, 2.14.7, and 2.13.13. CVE-2025-61909 openSUSE Tumbleweed:icinga2-2.15.1-1.1 openSUSE Tumbleweed:icinga2-bin-2.15.1-1.1 openSUSE Tumbleweed:icinga2-common-2.15.1-1.1 openSUSE Tumbleweed:icinga2-doc-2.15.1-1.1 openSUSE Tumbleweed:icinga2-ido-mysql-2.15.1-1.1 openSUSE Tumbleweed:icinga2-ido-pgsql-2.15.1-1.1 openSUSE Tumbleweed:nano-icinga2-2.15.1-1.1 openSUSE Tumbleweed:vim-icinga2-2.15.1-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-61909.html CVE-2025-61909 https://bugzilla.suse.com/1252262 SUSE Bug 1252262