Test ID:	1.3.6.1.4.1.25623.1.0.853553
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for icinga2 (openSUSE-SU-2020:1820-1)
Summary:	The remote host is missing an update for the 'icinga2'; package(s) announced via the openSUSE-SU-2020:1820-1 advisory.
Description:	Summary: The remote host is missing an update for the 'icinga2' package(s) announced via the openSUSE-SU-2020:1820-1 advisory. Vulnerability Insight: This update for icinga2 fixes the following issues: - Info that since version 2.12.0 following security issue is fixed: prepare-dirs script allows for symlink attack in the icinga user context. boo#1172171 (CVE-2020-14004) Update to 2.12.1: * Bugfixes + Core - Fix crashes during config update #8348 #8345 - Fix crash while removing a downtime #8228 - Ensure the daemon doesn't get killed by logrotate #8170 - Fix hangup during shutdown #8211 - Fix a deadlock in Icinga DB #8168 - Clean up zombie processes during reload #8376 - Reduce check latency #8276 + IDO - Prevent unnecessary IDO updates #8327 #8320 - Commit IDO MySQL transactions earlier #8349 - Make sure to insert IDO program status #8330 - Improve IDO queue stats logging #8271 #8328 #8379 + Misc - Ensure API connections are closed properly #8293 - Prevent unnecessary notifications #8299 - Don't skip null values of command arguments #8174 - Fix Windows .exe version #8234 - Reset Icinga check warning after successful config update #8189 Update to 2.12.0: * Breaking changes - Deprecate Windows plugins in favor of our - PowerShell plugins #8071 - Deprecate Livestatus #8051 - Refuse acknowledging an already acknowledged checkable #7695 - Config lexer: complain on EOF in heredocs, i.e. {{{abc #7541 * Enhancements + Core - Implement new database backend: Icinga DB #7571 - Re-send notifications previously suppressed by their time periods #7816 + API - Host/Service: Add acknowledgement_last_change and next_update attributes #7881 #7534 - Improve error message for POST queries #7681 - /v1/actions/remove-comment: let users specify themselves #7646 - /v1/actions/remove-downtime: let users specify themselves #7645 - /v1/config/stages: Add 'activate' parameter #7535 + CLI - Add pki verify command for better TLS certificate troubleshooting #7843 - Add OpenSSL version to 'Build' section in --version #7833 - Improve experience with 'Node Setup for Agents/Satellite' #7835 + DSL - Add get_template() and get_templates() #7632 - MacroProcessor::ResolveArguments(): skip null argument values #7567 - Fix crash due to dependency apply rule with ignore_on_error and non-existing parent #7538 - Introduce ternary operator (x ? y : z) #7442 - LegacyTimePeriod: support specifying seconds #7439 - Add support for Lambda Closures (() use(x) => x and () use(x) => { return x }) #7417 + ITL - Add notemp parameter to oracle health #7748 - Add extended checks options to snmp-interface command template #7602 - Add file a ... Description truncated. Please see the references for more information. Affected Software/OS: 'icinga2' package(s) on openSUSE Leap 15.2, openSUSE Leap 15.1. Solution: Please install the updated package(s). CVSS Score: 4.6 CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-14004 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2020-14004 https://github.com/Icinga/icinga2/compare/v2.12.0-rc1...master https://github.com/Icinga/icinga2/pull/8045/commits/2f0f2e8c355b75fa4407d23f85feea037d2bc4b6 https://github.com/Icinga/icinga2/releases SuSE Security Announcement: openSUSE-SU-2020:1820 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00014.html
Copyright	Copyright (C) 2020 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.