Package: icinga2 Version: None X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org Severity: grave Tags: security
Hi, the following vulnerability was published for icinga2. CVE-2017-16933: | etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown | call for a filename in a user-writable directory, which allows local | users to gain privileges by leveraging access to the $ICINGA2_USER | account for creation of a link. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: https://security-tracker.debian.org/tracker/CVE-2017-16933 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16933 https://github.com/Icinga/icinga2/issues/5793 Please adjust the affected versions in the BTS as needed. -- Henri Salo
signature.asc
Description: PGP signature