[SECURITY] [DSA 2956-1] icinga security update

2014-06-1114:34:20

lists.debian.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.046 Low

EPSS

Percentile

92.4%

JSON

Debian Security Advisory DSA-2956-1 [email protected]
http://www.debian.org/security/ Moritz Muehlenhoff
June 11, 2014 http://www.debian.org/security/faq

Package : icinga
CVE ID : CVE-2013-7106 CVE-2013-7107 CVE-2013-7108 CVE-2014-1878
CVE-2014-2386

Multiple security issues have been found in the Icinga host and network
monitoring system (buffer overflows, cross-site request forgery, off-by
ones) which could result in the execution of arbitrary code, denial of
service or session hijacking.

For the stable distribution (wheezy), these problems have been fixed in
version 1.7.1-7.

For the testing distribution (jessie), these problems have been fixed in
version 1.11.0-1.

For the unstable distribution (sid), these problems have been fixed in
version 1.11.0-1.

We recommend that you upgrade your icinga packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian7ia64icinga-dbg< 1.7.1-7icinga-dbg_1.7.1-7_ia64.deb
Debian7armhficinga-core< 1.7.1-7icinga-core_1.7.1-7_armhf.deb
Debian6i386icinga-idoutils< 1.0.2-2+squeeze2icinga-idoutils_1.0.2-2+squeeze2_i386.deb
Debian7s390xicinga-cgi< 1.7.1-7icinga-cgi_1.7.1-7_s390x.deb
Debian7kfreebsd-i386icinga-cgi< 1.7.1-7icinga-cgi_1.7.1-7_kfreebsd-i386.deb
Debian7allicinga-doc< 1.7.1-7icinga-doc_1.7.1-7_all.deb
Debian7mipsicinga-core< 1.7.1-7icinga-core_1.7.1-7_mips.deb
Debian7sparcicinga-dbg< 1.7.1-7icinga-dbg_1.7.1-7_sparc.deb
Debian7mipselicinga-cgi< 1.7.1-7icinga-cgi_1.7.1-7_mipsel.deb
Debian7allicinga< 1.7.1-7icinga_1.7.1-7_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	7	ia64	icinga-dbg	< 1.7.1-7	icinga-dbg_1.7.1-7_ia64.deb
Debian	7	armhf	icinga-core	< 1.7.1-7	icinga-core_1.7.1-7_armhf.deb
Debian	6	i386	icinga-idoutils	< 1.0.2-2+squeeze2	icinga-idoutils_1.0.2-2+squeeze2_i386.deb
Debian	7	s390x	icinga-cgi	< 1.7.1-7	icinga-cgi_1.7.1-7_s390x.deb
Debian	7	kfreebsd-i386	icinga-cgi	< 1.7.1-7	icinga-cgi_1.7.1-7_kfreebsd-i386.deb
Debian	7	all	icinga-doc	< 1.7.1-7	icinga-doc_1.7.1-7_all.deb
Debian	7	mips	icinga-core	< 1.7.1-7	icinga-core_1.7.1-7_mips.deb
Debian	7	sparc	icinga-dbg	< 1.7.1-7	icinga-dbg_1.7.1-7_sparc.deb
Debian	7	mipsel	icinga-cgi	< 1.7.1-7	icinga-cgi_1.7.1-7_mipsel.deb
Debian	7	all	icinga	< 1.7.1-7	icinga_1.7.1-7_all.deb