How the current OpenSSL vulnerabilities affect Icinga

Nov 3, 2022

Recently, OpenSSL published an advisory about two vulnerabilities, X.509 Email Address 4-byte Buffer Overflow (CVE-2022-3602) and X.509 Email Address Variable Length Buffer Overflow (CVE-2022-3786). Depending on the operating system you are using, this may affect Icinga as well.

Update your operating systems

On Linux, Icinga uses the OpenSSL version provided by the operating system. Therefore, Icinga is affected if the version provided by the operating system is affected. Of the distributions we officially support, this is the case on Fedora 36, RHEL 9, and Ubuntu 22.04 (jammy). To address the issue, install the patches provided by your operating system and restart the Icinga process. Other distributions still use OpenSSL 1.x and are not affected by these two vulnerabilities.
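A package update replaces the OpenSSL library files on disk, but a process started before the update keeps using the old copy until it is restarted. The following is an added example, not Icinga's own code: it checks for that on Linux by looking for libssl/libcrypto mappings marked `(deleted)` in `/proc/<pid>/maps`. The sample data is constructed, and the process name `icinga2` and the script name are assumptions.

```shell
#!/usr/bin/env bash
# Added example: find processes that still map an OpenSSL library file which
# was replaced on disk by a package update. Such mappings are shown with a
# trailing "(deleted)" in /proc/<pid>/maps.

# Reads /proc/<pid>/maps content on stdin and prints each stale
# libssl/libcrypto path once. Prints nothing when the process is clean.
stale_openssl_libs() {
    awk '$NF == "(deleted)" && $6 ~ /\/lib(ssl|crypto)\.so/ && !seen[$6]++ { print $6 }'
}

# Constructed sample (not captured from a real host; all paths are made up):
# a process started before the update that still maps the old library files.
sample_maps() {
    cat <<'EOF'
55d0c8a00000-55d0c8a2f000 r-xp 00000000 fd:01 131201 /usr/lib/x86_64-linux-gnu/icinga2/sbin/icinga2
7f3a10000000-7f3a10080000 r-xp 00000000 fd:01 262155 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f3a10080000-7f3a10090000 rw-p 00080000 fd:01 262155 /usr/lib/x86_64-linux-gnu/libssl.so.3 (deleted)
7f3a10400000-7f3a10800000 r-xp 00000000 fd:01 262154 /usr/lib/x86_64-linux-gnu/libcrypto.so.3 (deleted)
7f3a11000000-7f3a11200000 r-xp 00000000 fd:01 262300 /usr/lib/x86_64-linux-gnu/libc.so.6
EOF
}

# check_pids PID...: report per process; returns 1 if any needs a restart.
check_pids() {
    local pid stale rc=0
    for pid in "$@"; do
        # Reading the maps file of another user's process needs root.
        stale=$(stale_openssl_libs < "/proc/$pid/maps") || continue
        if [ -n "$stale" ]; then
            printf 'PID %s still maps replaced OpenSSL files, restart it:\n%s\n' "$pid" "$stale"
            rc=1
        fi
    done
    return "$rc"
}

# Usage on a patched host (process name "icinga2" is an assumption):
#   sudo ./check-stale-openssl.sh $(pgrep -x icinga2)
if [ "$#" -gt 0 ]; then check_pids "$@"; fi
```

No output and exit status 0 means none of the given processes is still holding a replaced OpenSSL file.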

On Windows, OpenSSL 1.1.1 is bundled with Icinga 2. This OpenSSL version is not affected.
