blob: 402a15f44e977054c15ea3d5fd1993bf801a2e43 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
2.10.4-1
- New upstream version 2.10.4
2.10.3-1
- New upstream version 2.10.3
2.10.2-1
- New upstream version 2.10.2
2.10.1-1
- New upstream version 2.10.1
2.10.0-1
- New upstream version 2.10.0
- Some path constants changed in the config (should be backwards-compatible)
- "namespace" and "using" are now reserved keywords in the config
- Some configuration errors are now fatal
- For details, see
https://icinga.com/docs/icinga2/latest/doc/16-upgrading-icinga-2/#upgrading-to-v210
2.9.1-1
- New upstream version 2.9.1
2.9.0-1
- New upstream version 2.9.0
- Icinga Studio was removed from upstream
- The package is no longer a split package as most of the libs are now linked
into the icinga2 binary
2.8.2-1
- New upstream version 2.8.2, including security fixes for:
- CVE-2017-16933: chmod on user-writable symlinks, allowing privilege
escalation.
- CVE-2018-6532: Denial of service by memory exhaustion if the API
component is enabled.
- CVE-2018-6533: Possible privilege escalation via init.conf.
- CVE-2018-6534: Denial of service due to a NULL pointer dereference.
- CVE-2018-6535: API lacks a constant-time password comparison.
- CVE-2018-6536: (not affected when using systemd) The init.d script kills
a PID supplied by the icinga user as root.
- As the update removes /etc/icinga2/init.conf, you have to update
/etc/default/icinga2 if you changed the user or group in init.conf.
|