Icinga 2.13.1 + 2.12.6 + 2.11.11: Security and Bugfix Releases

Aug 19, 2021

Today we’re releasing the security and bugfix versions 2.13.1, 2.12.6 and 2.11.11. The main focus of these versions is a security vulnerability in the TLS certificate verification of our metrics writers ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer.

In addition, 2.13.1 also fixes two issues introduced with 2.13.0.

Security (2.13.1, 2.12.6, 2.11.11)

CVE-2021-37698 – Add TLS server certificate validation to ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer

Despite a CA being specified, none of the TSDB writers verify the server’s certificate. This results in a spoofable connection between Icinga 2 and the metrics server. Icinga 2 instances which connect to any of the mentioned TSDBs using TLS over a spoofable infrastructure should immediately upgrade and change the credentials (if any) used by the TSDB writer feature to authenticate against the TSDB.
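A triage check for the advisory above, as an added example that is not Icinga's own code: it compares an installed version against the fixed releases named here and lists the affected writer objects that have TLS switched on. The attribute names `enable_tls` and `ssl_enable`, the sample configuration and the handling of branches after 2.13 are assumptions.

```python
import re

# Fixed patch level per release branch, taken from this announcement.
FIXED = {(2, 13): 1, (2, 12): 6, (2, 11): 11}
# Assumed name of the TLS switch on each affected writer type.
TLS_ATTR = {"ElasticsearchWriter": "enable_tls", "GelfWriter": "enable_tls",
            "InfluxdbWriter": "ssl_enable", "Influxdb2Writer": "ssl_enable"}
HEADER = re.compile(r'^\s*object\s+(\w+)\s+"([^"]+)"\s*\{', re.M)
# Constructed sample configuration (not from the announcement).
SAMPLE_CONF = '''
object InfluxdbWriter "influxdb" {
  host_template = { tags = { hostname = "$host.name$" } }
  ssl_enable = true
  ssl_ca_cert = "/etc/icinga2/tsdb-ca.crt"
}
object GelfWriter "gelf" {
  // enable_tls = true
}
'''

def has_fix(version):
    """True/False for a branch named in the announcement, None for older ones."""
    m = re.match(r"v?r?(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    major, minor, patch = map(int, m.groups())
    if (major, minor) > max(FIXED):
        return True  # assumption: branches after 2.13 already carry the fix
    fixed_patch = FIXED.get((major, minor))
    return None if fixed_patch is None else patch >= fixed_patch

def tls_writers(config_text):
    """(type, name) of every affected writer object that has TLS switched on."""
    hits = []
    for m in HEADER.finditer(config_text):
        attr = TLS_ATTR.get(m.group(1))
        if attr is None:
            continue
        depth, end = 1, m.end()
        while end < len(config_text) and depth:  # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(config_text[end], 0)
            end += 1
        if re.search(rf"^\s*{attr}\s*=\s*true\b", config_text[m.end():end], re.M):
            hits.append((m.group(1), m.group(2)))
    return hits

def needs_action(version, config_text):
    """TLS writers on an unfixed release of a branch named in the announcement."""
    return tls_writers(config_text) if has_fix(version) is False else []
```

Any writer returned by `needs_action` is one whose TSDB credentials the advisory says to change after upgrading; a `None` from `has_fix` means the announcement names no fixed release for that branch.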

Bugfixes (2.13.1)

  • IDO PgSQL: Fix a string quoting regression introduced in 2.13.0 #8958
  • ApiListener: Automatically fall back to IPv4 in default configuration on systems without IPv6 support #8961

 
