Your message dated Tue, 01 May 2018 21:42:21 +0000
with message-id <e1fdd2t-000hkd...@fasolo.debian.org>
and subject line Bug#883247: fixed in icinga2 2.8.4-1~exp1
has caused the Debian Bug report #883247,
regarding CVE-2017-16933: icinga2: root privilege escalation via prepare-dirs
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)

--
883247: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883247
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: icinga2
Version: None
X-Debbugs-CC: t...@security.debian.org secure-testing-t...@lists.alioth.debian.org
Severity: grave
Tags: security

Hi,

the following vulnerability was published for icinga2.

CVE-2017-16933:
| etc/initsystem/prepare-dirs in Icinga 2.x through 2.8.0 has a chown
| call for a filename in a user-writable directory, which allows local
| users to gain privileges by leveraging access to the $ICINGA2_USER
| account for creation of a link.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

https://security-tracker.debian.org/tracker/CVE-2017-16933
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16933
https://github.com/Icinga/icinga2/issues/5793

Please adjust the affected versions in the BTS as needed.

--
Henri Salo
--- End Message ---
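
The class of bug described in the report above (a root-run script calling chown on a name inside a directory the service account can write) can be guarded against as sketched below. This is an added example, not part of the original report and not Icinga's prepare-dirs; classify_target and safe_chown are hypothetical helper names, the sample files are constructed, and the hard-link case generalizes the report's "creation of a link".

```shell
#!/bin/sh
# Added example, not Icinga's prepare-dirs. classify_target and safe_chown
# are hypothetical helper names; the sample files below are constructed.

# Print a verdict for PATH: symlink, missing, not-regular, hardlinked or ok.
classify_target() {
    p=$1
    # Test -L first: it is true for dangling links too, and -e/-f follow links.
    if [ -L "$p" ]; then echo symlink; return 0; fi
    if [ ! -e "$p" ]; then echo missing; return 0; fi
    if [ ! -f "$p" ]; then echo not-regular; return 0; fi
    # A link count above 1 means another name points at the same inode, so
    # changing the owner here changes it for that other name as well.
    links=$(ls -ldn -- "$p" | awk '{print $2}')
    if [ "$links" -gt 1 ]; then echo hardlinked; return 0; fi
    echo ok
}

# chown PATH to OWNER only when the verdict is ok. -h makes chown act on a
# symlink itself rather than its target if one is swapped in after the check.
safe_chown() {
    owner=$1 p=$2
    verdict=$(classify_target "$p")
    if [ "$verdict" != ok ]; then
        echo "refusing to chown $p: $verdict" >&2
        return 1
    fi
    chown -h -- "$owner" "$p"
}

# Constructed demo in a scratch directory, using the caller's own uid so it
# runs without root.
demo_dir=$(mktemp -d)
echo state > "$demo_dir/service.log"        # ordinary file
echo other > "$demo_dir/elsewhere"          # stands in for a file outside
ln -s "$demo_dir/elsewhere" "$demo_dir/link.log"
ln "$demo_dir/elsewhere" "$demo_dir/hard.log"
for f in service.log link.log hard.log absent.log; do
    printf '%s: %s\n' "$f" "$(classify_target "$demo_dir/$f")"
done
safe_chown "$(id -u)" "$demo_dir/service.log" && echo "chown applied"
safe_chown "$(id -u)" "$demo_dir/link.log" || echo "chown skipped"
rm -rf "$demo_dir"
```

The check and the chown are still two separate steps, so a hard link created between them is not caught. Keeping root-managed files out of directories the service account can write removes that window.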
--- Begin Message ---
Source: icinga2
Source-Version: 2.8.4-1~exp1

We believe that the bug you reported is fixed in the latest version of
icinga2, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 883...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Bas Couwenberg <sebas...@debian.org> (supplier of updated icinga2 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 May 2018 20:38:14 +0200
Source: icinga2
Binary: icinga2 icinga2-common icinga2-bin icinga2-doc icinga2-classicui icinga2-ido-mysql icinga2-ido-pgsql libicinga2 icinga2-studio vim-icinga2
Architecture: source amd64 all
Version: 2.8.4-1~exp1
Distribution: experimental
Urgency: medium
Maintainer: Debian Nagios Maintainer Group <pkg-nagios-de...@lists.alioth.debian.org>
Changed-By: Bas Couwenberg <sebas...@debian.org>
Description:
 icinga2    - host and network monitoring system
 icinga2-bin - host and network monitoring system - daemon
 icinga2-classicui - host and network monitoring system - classic UI
 icinga2-common - host and network monitoring system - common files
 icinga2-doc - host and network monitoring system - documentation
 icinga2-ido-mysql - host and network monitoring system - MySQL support
 icinga2-ido-pgsql - host and network monitoring system - PostgreSQL support
 icinga2-studio - host and network monitoring system - studio API GUI
 libicinga2 - host and network monitoring system - internal libraries
 vim-icinga2 - syntax highlighting for Icinga 2 config files in VIM
Closes: 883247 891333 897301
Changes:
 icinga2 (2.8.4-1~exp1) experimental; urgency=medium
 .
   * Team upload.
 .
   [ Bas Couwenberg ]
   * New upstream release.
     - CVEs fixes in 2.8.2:
       CVE-2017-16933, CVE-2018-6532, CVE-2018-6533, CVE-2018-6534,
       CVE-2018-6535, CVE-2018-6536
       (closes: #897301, #891333, #883247)
   * Add gbp.conf to use pristine-tar by default.
   * Update copyright file, changes:
     - Update copyright years for Icinga Development Team.
     - Use stand-alone license paragraphs
     - Add license & copyright for socketpair
   * Restructure control file with cme.
   * Change priority from extra to optional.
   * Sort (build) dependencies.
   * Drop obsolete dbg package.
   * Update Vcs-* URLs for Salsa.
   * Update copyright format URL to use HTTPS.
   * Update various debian.org & icinga.com URLs to use HTTPS.
   * Bump Standards-Version to 4.1.4, changes: priority, copyright format.
   * Enable parallel globally.
   * Simplify 'disable unity builds' rules.
   * Drop obsolete dh-systemd build dependency.
   * Use DEB_BUILD_ARCH instead of DEB_HOST_ARCH, and not unconditionally.
   * Drop obsolete mysql (build) dependency alternatives.
   * Strip trailing whitespace from changelog.
   * Enable all hardening buildflags.
   * Add patch to fix spelling errors.
   * Move spelling-error-in-binary override from icinga2-bin to libicinga2.
   * Drop unused overrides for apache2-deprecated-auth-config.
   * Move rm_conffile from prerm to postrm.
   * Update systemd service file, changes:
     - Remove obsolete syslog.target
     - Add Documentation key
   * Add lintian overrides for hardening-no-fortify-functions.
   * Override dh_missing to use --list-missing.
   * Sort rules in order of execution.
   * Reorder and align install files.
   * Install IDO SQL files from debian/tmp.
   * Explicitly remove files not included in any package.
 .
   [ Dimitri John Ledkov ]
   * Make sure icinga2-common has /etc/icinga2/pki folder, which appears to
     still be in use.
--- End Message ---