CVSROOT:        /cvs
Module name:    ports
Changes by:     st...@cvs.openbsd.org   2018/03/23 03:31:17

Modified files:
        net/icinga/core2: Makefile distinfo 
        net/icinga/core2/pkg: PLIST-main 

Log message:
update to icinga 2.8.2, ok jca@

CVE-2018-6532: By sending specially crafted requests, authenticated and
unauthenticated, an attacker can exhaust a lot of memory on the server
side, triggering the OOM killer.

CVE-2018-6534: By sending specially crafted messages, an attacker can
cause a NULL pointer dereference, which can cause Icinga2 to crash.

CVE-2018-6535: Lack of a constant-time password comparison function can
disclose the password to an attacker.

Detailed write-up and simple crashers for the above at
https://hansmi.ch/articles/2018-03-icinga2-security

(CVE-2017-16933 and CVE-2018-6536 also in this release relate to the
init scripts that we don't use).
