– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nGentoo Linux Security Advisory GLSA 202208-05
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
\nhttps:\/\/security.gentoo.org\/
\n– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>\n
Severity: High
\nTitle: Icinga Web 2: Multiple Vulnerabilities
\nDate: August 04, 2022
\nBugs: #738024, #834802
\nID: 202208-05<\/p>\n
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –<\/p>\n
Synopsis
\n=======
\nMultiple vulnerabilities have been found in Icinga Web 2, the worst of
\nwhich could result in remote code execution.<\/p>\n
Background
\n=========
\nIcinga Web 2 is a frontend for icinga2.<\/p>\n
Affected packages
\n================
\n——————————————————————-
\nPackage \/ Vulnerable \/ Unaffected
\n——————————————————————-
\n1 www-apps\/icingaweb2 < 2.9.6 >= 2.9.6<\/p>\n
Description
\n==========
\nMultiple vulnerabilities have been discovered in Icinga Web 2. Please
\nreview the CVE identifiers referenced below for details.<\/p>\n
Impact
\n=====
\nPlease review the referenced CVE identifiers for details.<\/p>\n
Workaround
\n=========
\nThere is no known workaround at this time.<\/p>\n
Resolution
\n=========
\nAll Icinga Web 2 users should upgrade to the latest version:<\/p>\n
# emerge –sync
\n# emerge –ask –oneshot –verbose “>=www-apps\/icingaweb2-2.9.6”<\/p>\n
References
\n=========
\n[ 1 ] CVE-2020-24368
\nhttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2020-24368
\n[ 2 ] CVE-2022-24714
\nhttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24714
\n[ 3 ] CVE-2022-24715
\nhttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24715
\n[ 4 ] CVE-2022-24716
\nhttps:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-24716<\/p>\n
Availability
\n===========
\nThis GLSA and any updates to it are available for viewing at
\nthe Gentoo Security Website:<\/p>\n
https:\/\/security.gentoo.org\/glsa\/202208-05<\/p>\n
Concerns?
\n========
\nSecurity is a primary focus of Gentoo Linux and ensuring the
\nconfidentiality and security of our users’ machines is of utmost
\nimportance to us. Any security concerns should be addressed to
\nsecurity@gentoo.org or alternatively, you may file a bug at
\nhttps:\/\/bugs.gentoo.org.<\/p>\n
License
\n======
\nCopyright 2022 Gentoo Foundation, Inc; referenced text
\nbelongs to its owner(s).<\/p>\n
The contents of this document are licensed under the
\nCreative Commons – Attribution \/ Share Alike license.<\/p>\n
https:\/\/creativecommons.org\/licenses\/by-sa\/2.5<\/p>\n","protected":false},"excerpt":{"rendered":"
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Gentoo Linux Security Advisory GLSA 202208-05 – – – – – – – – – – – – – …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-28932","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/28932","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=28932"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/28932\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=28932"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=28932"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=28932"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}