Important Icinga 2 Security Fix!

A critical bug allowed attackers to get valid certificates if Icinga 2 runs with OpenSSL < 1.1.0 (e.g. on RHEL 7, Amazon Linux 2).

Fixed in: 2.14.6
And backported to: 2.13.12 and 2.12.12

Check your OpenSSL version with icinga2 --version | grep OpenSSL and update Icinga 2 now if affected.

Learn more about the issue here.

1 Like