Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecNots] [SECURITY] [DSA 4747-1] icingaweb2 security update

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecNots] [SECURITY] [DSA 4747-1] icingaweb2 security update


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: Moritz Muehlenhoff <jmm AT debian.org>
  • To: debian-security-announce AT lists.debian.org
  • Subject: [IT-SecNots] [SECURITY] [DSA 4747-1] icingaweb2 security update
  • Date: Sun, 23 Aug 2020 20:47:16 +0000
  • List-archive: https://lists.debian.org/msgid-search/20200823204716.GA4474 AT seger.debian.org
  • List-id: <debian-security-announce.lists.debian.org>
  • List-url: <http://lists.debian.org/debian-security-announce/>
  • Old-dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debian.org; s=smtpauto.seger; h=Content-Type:MIME-Version:Message-ID:Subject:To:From: Date:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:Content-Description: In-Reply-To:References; bh=L1kqFUdDEfUii7I+iVxHCfc17KRMCFW95H3yT+GKErQ=; b=Xc UkAG78UWMwct1FEoUTRDmaHi8C/lO/VPrpKaECaJHNeH8f2GO9ZUAY+cLNTitcWfSp9GrxhakwOJ7 6Mxmqln/C+wcZsVvcV29vM9gwcNSwNs7Vlc1gwrjbX2zjZ7CIEcbaqVG1nHVjn/ICRQRpK1/1hH37 bJmfqyst3+Qsvj+QQmIQaYGu3C8Z+U1XHwuAMEOg/PTdCe5TkEv/+d7+Y+TMnVuTPK1mR9TOaVpKy /OR0jZ6qsFPZV8kM5AQb+tCP29aLqAXOv/v+4Z7M5N/UVyCJsdB6CI6Vl7tOl851qG1XnDSUTLP1+ nB5KcdEi72j8cJrVcV1zfqF33D+ts/Lg==;
  • Old-return-path: <jmm AT seger.debian.org>
  • Priority: urgent
  • Resent-date: Sun, 23 Aug 2020 20:47:36 +0000 (UTC)
  • Resent-from: debian-security-announce AT lists.debian.org
  • Resent-message-id: <dXw2HCMcUXO.A.M8H.oXtQfB@bendel>
  • Resent-sender: debian-security-announce-request AT lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4747-1 security AT debian.org
https://www.debian.org/security/ Moritz Muehlenhoff
August 23, 2020 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : icingaweb2
CVE ID : CVE-2020-24368
Debian Bug : 968833

A directory traversal vulnerability was discovered in Icinga Web 2, a
web interface for Icinga, which could result in the disclosure of files
readable by the process.

For the stable distribution (buster), this problem has been fixed in
version 2.6.2-3+deb10u1.

We recommend that you upgrade your icingaweb2 packages.

For the detailed security status of icingaweb2 please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/icingaweb2

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce AT lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl9C1UcACgkQEMKTtsN8
TjZnVBAAnM34kwbiYmSwXha/LnZNJ/k6ceQeTmPmE2IBZy/SJnmsCtEzucKG2p/d
3YPVvocIbGqOW0VJWOe8Kdo+51hVoAYaoCj8fYyf9XFEzUTQHTAkwqKm/DHcTGAH
crzm965nLdmAkEG/BPbxLPPoLGkKiRPQU6VFgP2cNyKtUZ9oRKNabyU/+/GVR/gr
MFmGsAkg3itObuOareDhzQkg7hEGlZbLIOsg10xtCWiGRM4Aw1e6C8HQZ1DlCRXB
w+/196pK0XgkI343EFhFxuuezWm1548p8ABhveGWfgRuPhubYDiw3j2eiulxsqAy
HAbgorldISLCb3q4HJWgWOx6VmvSmGJkisyECYzLqDdDwzcQ+/+allT+GaQ+mGEG
PxMq6AVHk9trum3EU6tvvIHs+auhB45rERsL6Rhw09gdt7YlHcKR7R9jaxtMcVIm
E5rLG32bCay7ynT7z6JP7FzW0DpNMW2fXDPA/x8J+c1rmd0tqke/OYkQ4hiw6muJ
jGoZAHHzj3KcUWIYPins6y7DPwlAFi7I2rnvotxvS9fiXC2Zp4ojq7JHCySgCBSL
nTktCap6XyY5uWowffsXRtLT1pd9uwfGot5fXEMI3Vq5mHzEW4Sw919wYKdOqyyj
n1nR7bFoMLeUvk0B/wN+3nSK97LdOjA6tF5KnQ8zf7WFqzuU8CU=
=M0DY
-----END PGP SIGNATURE-----


  • [IT-SecNots] [SECURITY] [DSA 4747-1] icingaweb2 security update, Moritz Muehlenhoff, 23.08.2020

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang