linux-announce AT lists.psi.ch
Subject: Linux Mailing List
List archive
- From: "Konrad Bucheli (PSI)" <konrad.bucheli AT psi.ch>
- To: linux-announce AT lists.psi.ch
- Subject: [[Linux-announce] ] Critical Icinga 2 Security Release (CVE-2024-49369)
- Date: Fri, 15 Nov 2024 11:44:00 +0100
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass (sender ip is 20.250.76.7) smtp.rcpttodomain=lists.psi.ch smtp.mailfrom=psi.ch; dmarc=pass (p=none sp=none pct=100) action=none header.from=psi.ch; dkim=none (message not signed); arc=none (0)
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YLHKRsGn8gX07EFJVkfrU1ypoq8vwI4AQIcrPfLbdmo=; b=WEnqC9FtuwdDGy8vS6t+170W142FHuPZFkJcmuLiJqMCm23Vye07qdrwacraPnZV6IiYgXpBZDxG29TzP2zXSDVz8iYGvawhsVTON02DN8EWrTw3mMVSUj+f96V0CgksxZQCufS/5YMvPi/ExGpSRw6tRoTtBuQtuRf1BPoAup7W6zvZ2yworYnASV2yYDv3fm04dhzQoqpFHeEpa/ng6cCgWoyZ+KgrNaBGI8m3lrhjEsC9TtgX4k3zXJrCDiy5A6TNDUeWCo36B1oUnXycFsLu+ZWsCbGPNZw3GnCKYG2K3I+aJZdWfY7nMsAU0LAvQIMrYLmek4zCPJ+0IJVc4A==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=nB5f+pBqwgyFCbFHJbQ0Q41cMmvLbvBRE6vMpn5V8Ij+kDpC1R/wqEa/36A5/WpQaFAAG8WMas8NtNB7XDvPOrTDCoGUTUF8QkUb3o8AjYk18hFJCm+uq26Z6+3SL0KQXEaPcxbBAk7FlwIfEu/A5gzwnGAQB6bD6MD9IMthh1g7wi9m0DSNRoRzzbrXKqtgLgF++oicScbnqSeYNBXqA8TgC9GxlQa4/EMmHCrJCCgG2zObZp9V0TobKUPH4Uy7siVGGfrxnjeSsY5q/ISnSH8HW54x59QZQLYYGTQ3iBz+BuXWAZacOyObiMaRqj+gLMyFr786NdnQ3sxqc0k94A==
- Authentication-results: mc4.ethz.ch; iprev=pass (mail-switzerlandnorthazon11020135.outbound.protection.outlook.com) smtp.remote-ip=52.101.186.135; spf=pass smtp.mailfrom=psi.ch; dkim=pass header.d=psi.ch header.s=selector2 header.a=rsa-sha256; dmarc=pass header.from=psi.ch
- Authentication-results-original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=psi.ch;
Hi
For nodes with Icinga2 agents there is a critical vulnerability:
https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3/
Note that the The Puppet managed Icinga2 configuration allows only access to the API of the agent from localhost, so an attack directly over the network was never possible.
If you have icinga2 older than v2.14.3:
# rpm -q icinga2
icinga2-2.14.3-1.el8.x86_64
#
you should update:
# yum update icinga2
Please accept if your are asked
Importing GPG key 0xAA7F2382:
Userid : "Icinga GmbH (Build server) <info AT icinga.com>"
Fingerprint: dd3a f619 8ed0 00b4 c0b7 3956 cc11 6f55 aa7f 2382
From : https://repos.psi.ch/rhel7/tags/prod/keys/icinga.gpg
Is this ok [y/N]:
This recent change of the Icinga2 GPG key has further impact. On RHEL8 and RHEL9 security related updates are installed automatically with default configuration, unfortunately this may fail here as dnf-automatic does not import the new key automatically (a fix for this issue should will ready in two weeks).
There are also updates available for RHEL7, please update there as well (and consider planning the migrating to RHEL8).
Kind regards
Konrad
--
Paul Scherrer Institut
Konrad Bucheli
Linux Systems Engineer
Core Linux Research Services
Science IT Infrastructure and Services department (AWI)
OBBA/230
Forschungstrasse 111
5232 Villigen PSI
Switzerland
Phone: +41 56 310 27 24
konrad.bucheli AT psi.ch
www.psi.ch
- [[Linux-announce] ] Critical Icinga 2 Security Release (CVE-2024-49369), Konrad Bucheli (PSI), 11/15/2024
Archive powered by MHonArc 2.6.24.