Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 603534 - <net-analyzer/icinga-1.13.4: Root privilege escalation (CVE-2016-9566)
Summary: <net-analyzer/icinga-1.13.4: Root privilege escalation (CVE-2016-9566)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal major (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B1 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2016-12-23 03:05 UTC by Matthew Thode ( prometheanfire )
Modified: 2016-12-31 06:38 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew Thode ( prometheanfire ) archtester Gentoo Infrastructure gentoo-dev Security 2016-12-23 03:05:42 UTC
* Fix possible root privilege escalation during opening logs (CVE-2016-9566) #13709

Icinga is **not** vulnerable to CVE-2016-9565 since we do not provide any PHP
files nor external advertising RSS feeds inside the Classic UI.

I've fast stablized 1.13.4 and 1.14.0 (both have the fix) and cleaned bad packages.

I'll be opening a seperate bug for icingaweb.

Reproducible: Always
Comment 1 Thomas Deutschmann gentoo-dev 2016-12-30 23:43:04 UTC
New GLSA request filed.
Comment 2 GLSAMaker/CVETool Bot gentoo-dev 2016-12-31 06:38:12 UTC
This issue was resolved and addressed in
 GLSA 201612-51 at https://security.gentoo.org/glsa/201612-51
by GLSA coordinator Aaron Bauman (b-man).