openSUSE-SU-2022:0097-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2022:0097-1.json
JSON Data
https://api.test.osv.dev/v1/vulns/openSUSE-SU-2022:0097-1
Related
Published
2022-03-31T08:41:15Z
Modified
2022-03-31T08:41:15Z
Summary
Security update for icingaweb2
Details

This update for icingaweb2 fixes the following issues:

icingaweb2 was updated to 2.8.6

This is a security release.

  • Security Fixes

  • CVE-2022-24715: SSH resources allow arbitrary code execution for authenticated users (GHSA-v9mv-h52f-7g63 boo#1196911)

  • CVE-2022-24714: Unwanted disclosure of hosts and related data, linked to decommissioned services (GHSA-qcmg-vr56-x9wf boo#1196913)
References

Affected packages

SUSE:Package Hub 15 SP3 / icingaweb2

Package

Name
icingaweb2
Purl
pkg:rpm/suse/icingaweb2&distro=SUSE%20Package%20Hub%2015%20SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-bp153.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "icingaweb2-common": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-HTMLPurifier": "2.8.6-bp153.2.3.1",
            "php-Icinga": "2.8.6-bp153.2.3.1",
            "icingacli": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-JShrink": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-lessphp": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-Parsedown": "2.8.6-bp153.2.3.1",
            "icingaweb2": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-dompdf": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-zf1": "2.8.6-bp153.2.3.1"
        }
    ]
}

openSUSE:Leap 15.3 / icingaweb2

Package

Name
icingaweb2
Purl
pkg:rpm/opensuse/icingaweb2&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.8.6-bp153.2.3.1

Ecosystem specific 

{
    "binaries": [
        {
            "icingaweb2-common": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-HTMLPurifier": "2.8.6-bp153.2.3.1",
            "php-Icinga": "2.8.6-bp153.2.3.1",
            "icingacli": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-JShrink": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-lessphp": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-Parsedown": "2.8.6-bp153.2.3.1",
            "icingaweb2": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-dompdf": "2.8.6-bp153.2.3.1",
            "icingaweb2-vendor-zf1": "2.8.6-bp153.2.3.1"
        }
    ]
}