openSUSE Security Update : icinga (openSUSE-2017-100)
High Nessus Plugin ID 96545
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for icinga includes various upstream fixes and the following security security fixes :
- icinga was updated to version 1.14.0
- the classic-UI was vulnerable to a cross site scripting attack (CVE-2015-8010, boo#952777)
- A user with nagios privileges could have gained root privileges by placing a symbolic link at the logfile location (CVE-2016-9566, boo#1014637)
SolutionUpdate the affected icinga packages.