Icinga 2 Security Release – November 2024

12 November, 2024

Tobias Redel
CEO Professional Services

Tobias Redel is the CEO of NETWAYS Professional Services, a company specializing in open source for the data center. He has worked in this field for more than 20 years and, together with the NETWAYS team, takes care of consulting on and implementing solutions for companies of every size. Over his long career, Tobias has worked as a Systems Engineer, Development Engineer and Consultant, and therefore knows a great many facets of enterprise IT.


Critical error in the Icinga 2 core

Today, November 12, 2024, the Icinga team has released a security fix that is classified as CRITICAL. The associated CVE (Common Vulnerabilities and Exposures) can be found under the number CVE-2024-49369. You can find Icinga’s blog post on the topic here: https://icinga.com/blog/2024/11/12/critical-icinga-2-security-releases-2-14-3/

Our recommendation

The problems affect masters, satellites and agents. We recommend that all Icinga users install this update as soon as possible. If your Icinga installations are accessible directly from the Internet, we recommend that you carry out the updates immediately.

Which Icinga versions have been released?

The following versions of Icinga 2 have been released:

  • 2.14.3
  • 2.13.10
  • 2.12.11
  • 2.11.12

Packages of these versions have been built for a variety of distributions and platforms:

  • Red Hat Enterprise Linux 7, 8, 9
  • SUSE Linux Enterprise Server 12.5, 15.3, 15.4, 15.5, 15.6
  • Ubuntu 18.04, 20.04, 22.04, 23.04, 23.10, 24.04, 24.10
  • Debian 10, 11, 12
  • Amazon Linux 2, 2023
  • CentOS 7, 8
  • Docker images
  • Fedora 37, 38, 39, 40
  • Helm chart
  • openSUSE 15.4, 15.5, 15.6
  • Raspberry Pi OS 11, 12 (64-bit only)
  • Raspbian 11 (32-bit only)
  • Windows Server >= 2012

Both lists include Icinga versions, distributions and operating system versions, some of which have already been discontinued. Because of the severity of the problem, updates have been created for a very wide range of versions and packages.
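A small triage helper for the fixed releases listed above, added here as an example and not taken from Icinga or NETWAYS: it classifies each node's reported version per branch so masters, satellites and agents that still need the update stand out. The inventory, hostnames and status labels are constructed, and treating branches newer than 2.14 as patched is an assumption.

```python
import re

# Fixed releases named in this advisory, keyed by (major, minor) branch -> patch.
FIXED = {(2, 14): 3, (2, 13): 10, (2, 12): 11, (2, 11): 12}
NEWEST_BRANCH = max(FIXED)

# First dotted x.y.z triple; tolerates prefixes/suffixes like "r2.14.2-1".
VERSION_RE = re.compile(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from a package or version string."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(text):
    """Return 'patched', 'vulnerable', 'no-listed-fix' or 'unknown'."""
    v = parse_version(text)
    if v is None:
        return "unknown"
    branch, patch = v[:2], v[2]
    if branch in FIXED:
        return "patched" if patch >= FIXED[branch] else "vulnerable"
    if branch > NEWEST_BRANCH:
        return "patched"  # assumption: later branches ship with the fix
    return "no-listed-fix"  # older branch: no fixed release named here


# Constructed sample inventory: hostnames and version strings are made up.
INVENTORY = [
    ("master1.example.org", "master", "icinga2 (version: r2.14.2-1)"),
    ("sat1.example.org", "satellite", "2.13.10-1.el8"),
    ("agent7.example.org", "agent", "2.10.5-1"),
    ("agent9.example.org", "agent", "v2.14.3"),
    ("win1.example.org", "agent", "not installed"),
]


def triage(inventory):
    """Return (host, role, status) for every node that is not patched."""
    rows = [(host, role, classify(ver)) for host, role, ver in inventory]
    return [row for row in rows if row[2] != "patched"]


if __name__ == "__main__":
    for host, role, status in triage(INVENTORY):
        print(f"{host:22} {role:10} {status}")
```

Nodes reported as `no-listed-fix` run a branch for which this page names no fixed release, so they need a branch upgrade rather than a patch update.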

What is the problem?

The TLS certificate check of the Icinga API was faulty and could be bypassed. By impersonating a trusted cluster node, an attacker was able to inject configurations into the Icinga core.

Do you need help?

If you need help updating your infrastructure, you can contact our support team or the MyEngineer team. Both can be reached at the e-mail address support@netways.de.

Customers with a support contract have priority for inquiries, but of course we also endeavor to support customers without a support contract to the best of our knowledge and belief.
