icingacoreFollowing up on our recent Icinga 1.10.2 bug fix release, we have backported patches to older versions and now present 1.8.5 and 1.9.4 for download.
These two new bug fix releases are important for users who allow public access to their Classic UI. In particular they deal with susceptibilities to:

  • (CVE-2013-7106) Buffer overflow errors, as fixed in #5250
  • (CVE-2013-7108) Off-by-one errors, as fixed in #5251

Please note: CVE-2013-7107 was identified and is being addressed with issue #5346. A fix will be integrated into Icinga 1.11. In the meantime, we recommend users with vulnerabilities to manage their user rights accordingly in the Classic UI.
Once again we thank the DTAG Group Information Security for their advice.
For a quick upgrade, keep an eye on our auto-built packages. As always, we welcome your feedback on our development tracker and support channels.