An update that solves 5 vulnerabilities and has one errata
is now available.
Description:
This update for icingaweb2 to version 2.7.3 fixes the following issues:
icingaweb2 update to 2.7.3:
icingaweb2 update to 2.7.2:
icingaweb2 update to 2.7.1:
icingaweb2 update to 2.7.0:
icingaweb2 update to 2.6.3:
icingaweb2 update to 2.6.2:
You can find issues and features related to this release on our Roadmap.
This bugfix release addresses the following topics:
Fix security issues:
CVE-2018-18246: fixed a CSRF in moduledisable (boo#1119784)
CVE-2018-18247: fixed an XSS via /icingaweb2/navigation/add (boo#1119785)
CVE-2018-18248: fixed an XSS attack that is possible via query strings or a
dir parameter (boo#1119801)
CVE-2018-18249: fixed an injection of PHP ini-file directives that involves
environment variables as a channel to send out information (boo#1119799)
CVE-2018-18250: fixed parameters that can break navigation dashlets
(boo#1119800)
Remove setuid from the new upstream spec file for the following dirs:
/etc/icingaweb2, /etc/icingaweb/modules, /etc/icingaweb2/modules/setup,
/etc/icingaweb2/modules/translation, /var/log/icingaweb2
icingaweb2 updated to 2.6.1:
icingaweb2 was updated to 2.6.0:
You can find issues and features related to this release on our Roadmap.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.1:
zypper in -t patch openSUSE-2020-67=1
openSUSE Leap 15.0:
zypper in -t patch openSUSE-2020-67=1
openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-67=1
openSUSE Backports SLE-15:
zypper in -t patch openSUSE-2020-67=1
SUSE Package Hub for SUSE Linux Enterprise 12:
zypper in -t patch openSUSE-2020-67=1
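A post-update check, added here as an example and not part of the advisory or of the Icinga project's own tooling: it confirms that the installed icingaweb2 is at least 2.7.3 and that none of the directories listed above still carries a setuid bit. The setgid test, the optional root-prefix argument and the `--audit` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: post-update audit for the icingaweb2 advisory.
# Directory list copied verbatim from the advisory's "Remove setuid" item.
ICINGA_DIRS="/etc/icingaweb2 /etc/icingaweb/modules /etc/icingaweb2/modules/setup
/etc/icingaweb2/modules/translation /var/log/icingaweb2"
FIXED_VERSION="2.7.3"   # target version named in the advisory

# Succeeds if HAVE >= WANT; assumes purely numeric dotted versions.
version_at_least() {
    have=$1; want=$2
    while [ -n "$have$want" ]; do
        h=${have%%.*}; w=${want%%.*}
        [ "${h:-0}" -gt "${w:-0}" ] && return 0
        [ "${h:-0}" -lt "${w:-0}" ] && return 1
        case $have in *.*) have=${have#*.} ;; *) have= ;; esac
        case $want in *.*) want=${want#*.} ;; *) want= ;; esac
    done
    return 0
}

# Prints every listed directory under ROOT (default: /) that still carries a
# setuid or setgid bit; returns 1 if any was found. ROOT is an assumption
# added so the check can be pointed at a chroot or a test tree.
audit_dirs() {
    root=${1:-}; found=0
    for d in $ICINGA_DIRS; do
        [ -d "$root$d" ] || continue          # skip directories that are absent
        if [ -u "$root$d" ] || [ -g "$root$d" ]; then
            echo "$root$d"; found=1
        fi
    done
    return "$found"
}

# Run the audit only when asked to: sh audit.sh --audit
if [ "${1:-}" = "--audit" ]; then
    ver=$(rpm -q --qf '%{VERSION}' icingaweb2) || { echo "icingaweb2 not installed"; exit 2; }
    version_at_least "$ver" "$FIXED_VERSION" || { echo "icingaweb2 $ver is older than $FIXED_VERSION"; exit 1; }
    audit_dirs || { echo "setuid/setgid bit still set on the directories above"; exit 1; }
    echo "icingaweb2 $ver: version and directory modes OK"
fi
```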
OS | Version | Architecture |
---|---|---|
openSUSE Leap | 15.1 | noarch |
openSUSE Leap | 15.0 | noarch |
openSUSE Backports SLE | 15-SP1 | noarch |
openSUSE Backports SLE | 15 | noarch |
SUSE Package Hub for SUSE Linux Enterprise | 12 | noarch |