603534 – <net-analyzer/icinga-1.13.4: Root privilege escalation (CVE-2016-9566)

Bug 603534 - <net-analyzer/icinga-1.13.4: Root privilege escalation (CVE-2016-9566)

Summary: <net-analyzer/icinga-1.13.4: Root privilege escalation (CVE-2016-9566)

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal major (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	B1 [glsa cve]
Keywords:

Depends on:
Blocks:

Reported:	2016-12-23 03:05 UTC by Matthew Thode ( prometheanfire )
Modified:	2016-12-31 06:38 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Matthew Thode ( prometheanfire ) archtester

2016-12-23 03:05:42 UTC

* Fix possible root privilege escalation during opening logs (CVE-2016-9566) #13709

Icinga is **not** vulnerable to CVE-2016-9565 since we do not provide any PHP
files nor external advertising RSS feeds inside the Classic UI.

I've fast stablized 1.13.4 and 1.14.0 (both have the fix) and cleaned bad packages.

I'll be opening a seperate bug for icingaweb.

Reproducible: Always

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2016-12-30 23:43:04 UTC

New GLSA request filed.

Comment 2 GLSAMaker/CVETool Bot gentoo-dev

2016-12-31 06:38:12 UTC

This issue was resolved and addressed in
 GLSA 201612-51 at https://security.gentoo.org/glsa/201612-51
by GLSA coordinator Aaron Bauman (b-man).