Security update for icinga2 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02783-1 Final 1 1 2025-08-13T08:53:45Z current 2025-08-13T08:53:45Z 2025-08-13T08:53:45Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for icinga2 This update for icinga2 fixes the following issues: - CVE-2025-48057: A certificate incorrectly treated as valid can allow an attacker to impersonate a trusted node (bsc#1243747). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2783,SUSE-SLE-Module-HPC-12-2025-2783 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502783-1/ Link for SUSE-SU-2025:02783-1 https://lists.suse.com/pipermail/sle-updates/2025-August/041198.html E-Mail link for SUSE-SU-2025:02783-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243747 SUSE Bug 1243747 https://www.suse.com/security/cve/CVE-2025-48057/ SUSE CVE CVE-2025-48057 page SUSE Linux Enterprise Module for HPC 12 icinga2-2.8.2-3.11.2 icinga2-bin-2.8.2-3.11.2 icinga2-common-2.8.2-3.11.2 icinga2-doc-2.8.2-3.11.2 icinga2-ido-mysql-2.8.2-3.11.2 icinga2-ido-pgsql-2.8.2-3.11.2 icinga2-libs-2.8.2-3.11.2 nano-icinga2-2.8.2-3.11.2 vim-icinga2-2.8.2-3.11.2 icinga2-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-bin-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-common-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-doc-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-ido-mysql-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-ido-pgsql-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 icinga2-libs-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 vim-icinga2-2.8.2-3.11.2 as a component of SUSE Linux Enterprise Module for HPC 12 Icinga 2 is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. Prior to versions 2.12.12, 2.13.12, and 2.14.6, the VerifyCertificate() function can be tricked into incorrectly treating certificates as valid. This allows an attacker to send a malicious certificate request that is then treated as a renewal of an already existing certificate, resulting in the attacker obtaining a valid certificate that can be used to impersonate trusted nodes. This only occurs when Icinga 2 is built with OpenSSL older than version 1.1.0. This issue has been patched in versions 2.12.12, 2.13.12, and 2.14.6. CVE-2025-48057 SUSE Linux Enterprise Module for HPC 12:icinga2-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-bin-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-common-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-doc-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-ido-mysql-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-ido-pgsql-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:icinga2-libs-2.8.2-3.11.2 SUSE Linux Enterprise Module for HPC 12:vim-icinga2-2.8.2-3.11.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502783-1/ https://www.suse.com/security/cve/CVE-2025-48057.html CVE-2025-48057 https://bugzilla.suse.com/1243747 SUSE Bug 1243747