Bug 603534

Summary: <net-analyzer/icinga-1.13.4: Root privilege escalation (CVE-2016-9566)
Product: Gentoo Security
Reporter: Matthew Thode ( prometheanfire ) <prometheanfire>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B1 [glsa cve]
Package list:
Runtime testing required: ---

Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-12-23 03:05:42 UTC
* Fix possible root privilege escalation during opening logs (CVE-2016-9566) #13709

Icinga is **not** vulnerable to CVE-2016-9565 since we do not provide any PHP
files nor external advertising RSS feeds inside the Classic UI.

I've fast stabilized 1.13.4 and 1.14.0 (both have the fix) and cleaned bad packages.

I'll be opening a separate bug for icingaweb.

Reproducible: Always
Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev 2016-12-30 23:43:04 UTC
New GLSA request filed.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2016-12-31 06:38:12 UTC
This issue was resolved and addressed in
 GLSA 201612-51 at https://security.gentoo.org/glsa/201612-51
by GLSA coordinator Aaron Bauman (b-man).