diff options
author | Julian Brost | 2018-03-22 17:04:28 +0100 |
---|---|---|
committer | Julian Brost | 2018-03-22 17:04:28 +0100 |
commit | 97184584a2d6fe8e5bfc5526f87550bd084af4b4 (patch) | |
tree | 5108202b8a114d75bfd6b53026a8a15bcb286fa0 /icinga2.changelog | |
parent | a846332c30fd86128aa430e65ad4ba7c492e1229 (diff) | |
download | aur-97184584a2d6fe8e5bfc5526f87550bd084af4b4.tar.gz |
new version 2.8.2-1
Diffstat (limited to 'icinga2.changelog')
-rw-r--r-- | icinga2.changelog | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/icinga2.changelog b/icinga2.changelog new file mode 100644 index 000000000000..01db0bc094e0 --- /dev/null +++ b/icinga2.changelog @@ -0,0 +1,13 @@ +2.8.2-1 + - New upstream version 2.8.2, including security fixes for: + - CVE-2017-16933: chmod on user-writable symlinks, allowing privilege + escalation. + - CVE-2018-6532: Denial of service by memory exhaustion if the API + component is enabled. + - CVE-2018-6533: Possible privilege escalation via init.conf. + - CVE-2018-6534: Denial of service due to a NULL pointer dereference. + - CVE-2018-6535: API lacks a constant-time password comparison. + - CVE-2018-6536: (not affected when using systemd) The init.d script kills + a PID supplied by the icinga user as root. + - As the update removes /etc/icinga2/init.conf, you have to update + /etc/default/icinga2 if you changed the user or group in init.conf. |