author Julian Brost 2018-03-22 17:04:28 +0100
committer Julian Brost 2018-03-22 17:04:28 +0100
commit 97184584a2d6fe8e5bfc5526f87550bd084af4b4 (patch)
tree 5108202b8a114d75bfd6b53026a8a15bcb286fa0 /icinga2.changelog
parent a846332c30fd86128aa430e65ad4ba7c492e1229 (diff)
download aur-97184584a2d6fe8e5bfc5526f87550bd084af4b4.tar.gz
new version 2.8.2-1
Diffstat (limited to 'icinga2.changelog')
-rw-r--r-- icinga2.changelog 13
1 files changed, 13 insertions, 0 deletions
diff --git a/icinga2.changelog b/icinga2.changelog
new file mode 100644
index 000000000000..01db0bc094e0
--- /dev/null
+++ b/icinga2.changelog
@@ -0,0 +1,13 @@
+2.8.2-1
+ - New upstream version 2.8.2, including security fixes for:
+ - CVE-2017-16933: chmod on user-writable symlinks, allowing privilege
+ escalation.
+ - CVE-2018-6532: Denial of service by memory exhaustion if the API
+ component is enabled.
+ - CVE-2018-6533: Possible privilege escalation via init.conf.
+ - CVE-2018-6534: Denial of service due to a NULL pointer dereference.
+ - CVE-2018-6535: API lacks a constant-time password comparison.
+ - CVE-2018-6536: (not affected when using systemd) The init.d script kills
+ a PID supplied by the icinga user as root.
+ - As the update removes /etc/icinga2/init.conf, you have to update
+ /etc/default/icinga2 if you changed the user or group in init.conf.
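Review bot: The final item, about the removal of /etc/icinga2/init.conf, is the only entry that requires manual action, but it sits at the bottom of the list after six CVE descriptions and does not say which settings in /etc/default/icinga2 have to be changed. Consider moving it to the top of the 2.8.2-1 entry and naming the settings that replace the user and group from init.conf, so that an admin who customized them does not miss the step. The CVE-2018-6536 line carries a useful "(not affected when using systemd)" qualifier; if the same applies to CVE-2018-6533 or any of the other init-related fixes for this package, saying so on those lines would help users judge how urgent the update is.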