Dear users of Check_MK,
you may have noticed the two recently announced CVEs (CVE-2016-9566 and
CVE-2016-9565) affecting the Nagios Core and now ask yourself whether
your Check_MK installation might be affected.
The good news: Check_MK is not affected by neither CVE-2016-9565 nor
CVE-2016-9566.
We have checked both issues with the following results:
a) CVE-2016-9565: We are shipping a patched Nagios 3.5 with Check_MK
where the problematic functionality had been patched out since 2010.
b) CVE-2016-9566: The possible privilege escalation (when starting
nagios as root) is not relevant since all processes are started in the
context of the site users. So you can >not< gain root access using this
issue.
As always: In case you discover security related issues, please let us
know at security(a)check-mk.org.
Best regards
Lars
--
We’ll meet in Munich for the Check_MK Conference #3.
Book your place now and be part of it.
May 2nd-4th, 2017
http://mathias-kettner.com/conference
---
Mathias Kettner GmbH
Kellerstraße 29, 81667 München, Germany
Registergericht: Amtsgericht München, HRB 165902
Geschäftsführer: Mathias Kettner
http://mathias-kettner.de
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29
Dear friends of Check_MK,
the new innovation release 1.4.0i2p5 of Check_MK is ready for download.
It is the final release of the 1.4.0i2 branch. In case you want to try the
newest features, please checkout out the 1.4.0i3 version instead of this one.
Changes in all Check_MK Editions:
Core & Setup:
* 4078 FIX: Fixed handling of hosts with non resolvable IP addresses during runtime...
Checks & Agents:
* 4069 FIX: cmciii.phase: Fixed broken check with some devices...
* 4092 FIX: if.include: fixed wrong calculated number of interfaces which are up in case of interface groups
* 4093 FIX: oracle_tablespaces: Werk 3907 broke the space calculation...
* 4074 FIX: check_ftp: Fixed possible wrong service description caused by unintended use of global variable
* 3943 FIX: ntp.time: fixed parameters in discovered checks...
* 4081 FIX: dell_powerconnect_cpu: Fixed broken metrics
* 4099 FIX: msexch_rpcclientaccess: Previously nonfunctional WATO rule and default parameters now work...
NOTE: Please refer to the migration notes!
* 4112 FIX: db2_logsizes: fixed invalid data handling
* 4100 FIX: mk_mysql: Only perform queries if mysqladmin ping is successful#...
* 4113 FIX: postgres_locks: fixed missing include file
* 4114 FIX: innovaphone_licenses: fixed wrong percentage calculation
* 4115 FIX: mem.linux: fixed missing stack bug in PNP template
* 4157 FIX: netapp_api_cluster: fixed None item
* 4138 FIX: statgrab: Fixed issue in FreeBSD agent when statgrab is not installed
* 4158 FIX: fileinfo: fixed file handling containing spaces
* 4101 FIX: citrix_sessions: Output error message in case of missing session information....
* 4159 FIX: mem.win: fixed KeyError
* 4102 FIX: logwatch: Fixed crash due to non-existant logfile...
* 4160 FIX: emcvnx_info: fixed data handling, now detects errors
* 4161 FIX: emcvnx_sp_util: fixed empty data handling
* 4162 FIX: esx_vsphere_vm.heartbeat: fixed KeyError
* 4163 FIX: kernel: fixed empty data handling
* 4164 FIX: livestatus_status: fixed ValueError for values in scientific notation
* 4103 FIX: kaspersky_av_client: No longer crash when date of last full scan is unknown...
* 4165 FIX: tsm_stagingpools: fixed node info handling
* 4117 FIX: HPUX agent: fixed determination of cpu/core information...
Multisite:
* 4072 FIX: Fixed multiple issues in BI availability when groups or names contain umlauts
* 4080 FIX: Fixed possible exception "unsupported operand type" in matrix views
* 4127 FIX: Fixed possible "maximum recursion depth exceeded" error when sorting tables with a lot of text in cells
* 4128 FIX: Fixed exception in "Virtual host tree" snapin in case a user tries to access a not existing tree
* 4129 FIX: Fixed possible exception when a view is linking to a not permitted other view
* 4140 FIX: Views: Download agent output action was not displayed correctly on SNMP+Agent hosts
WATO:
* 4068 FIX: Fixed possible exception in case of wrong automation secrets between multiple sites...
* 4076 FIX: Git integration: Using mail address of user in author info
* 4077 FIX: Fixed "Request URI too long" when cloning role after editing another one
* 4079 FIX: Improved error handling in case a WATO folder can not be written
* 4082 FIX: Icon selector: Fixed exception in case non images are saved in icon folder
* 4084 FIX: Improved error handling in case of broken hosts.mk files
* 4130 FIX: Improved error handling when trying to edit not existant rules
* 4131 FIX: Fixed broken WATO site login when using password containing special characters...
Changes in the Check_MK Enterprise Edition:
Config generation:
* 8645 FIX: Configuration validation: Taking shadow_hosts into account when checking for duplicate hosts
Reporting:
* 8644 FIX: Improved error reporting when trying to edit not existing report elements
Metrics System:
* 8640 FIX: Graph collection: PDF exports respect the choosen time range now...
You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html
Please mail bug reports and qualified feedback to feedback(a)check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring,
Your Check_MK Team
--
Mathias Kettner GmbH
Kellerstraße 29, 81667 München, Germany
Registergericht: Amtsgericht München, HRB 165902
Geschäftsführer: Mathias Kettner
http://mathias-kettner.de
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29
Dear friends of Check_MK,
the new stable release 1.2.8p15 of Check_MK is ready for download.
This new maintenance release 1.2.8p15 fixes 42 minor issues affecting all
editions of Check_MK and 4 minor Enterprise Edition specific issues.
Changes in all Check_MK Editions:
Core & Setup:
* 4078 FIX: Fixed handling of hosts with non resolvable IP addresses during runtime...
Checks & Agents:
* 4159 smart: added compatibility for Intel SSDs...
* 4069 FIX: cmciii.phase: Fixed broken check with some devices...
* 4092 FIX: if.include: fixed wrong calculated number of interfaces which are up in case of interface groups
* 4093 FIX: oracle_tablespaces: Werk 3907 broke the space calculation...
* 4074 FIX: check_ftp: Fixed possible wrong service description caused by unintended use of global variable
* 3943 FIX: ntp.time: fixed parameters in discovered checks...
* 4081 FIX: dell_powerconnect_cpu: Fixed broken metrics
* 4126 FIX: apache_status: Handle https requests lo localhost in case of certificate mismatch...
* 3953 FIX: diskstat: extended fix for multipath devices with or without alias...
* 4111 FIX: hp_proliant: fixed empty data handling
* 4099 FIX: msexch_rpcclientaccess: Previously nonfunctional WATO rule and default parameters now work...
NOTE: Please refer to the migration notes!
* 4112 FIX: db2_logsizes: fixed invalid data handling
* 4100 FIX: mk_mysql: Only perform queries if mysqladmin ping is successful#...
* 4113 FIX: postgres_locks: fixed missing include file
* 4114 FIX: innovaphone_licenses: fixed wrong percentage calculation
* 4115 FIX: mem.linux: fixed missing stack bug in PNP template
* 4157 FIX: netapp_api_cluster: fixed None item
* 4138 FIX: statgrab: Fixed issue in FreeBSD agent when statgrab is not installed
* 4158 FIX: fileinfo: fixed file handling containing spaces
* 4101 FIX: citrix_sessions: Output error message in case of missing session information....
* 4102 FIX: logwatch: Fixed crash due to non-existant logfile...
* 4160 FIX: emcvnx_info: fixed data handling, now detects errors
* 4161 FIX: emcvnx_sp_util: fixed empty data handling
* 4162 FIX: esx_vsphere_vm.heartbeat: fixed KeyError
* 4163 FIX: kernel: fixed empty data handling
* 4164 FIX: livestatus_status: fixed ValueError for values in scientific notation
* 4103 FIX: kaspersky_av_client: No longer crash when date of last full scan is unknown...
* 4117 FIX: HPUX agent: fixed determination of cpu/core information...
Multisite:
* 4072 FIX: Fixed multiple issues in BI availability when groups or names contain umlauts
* 4080 FIX: Fixed possible exception "unsupported operand type" in matrix views
* 4085 FIX: Fixed bug when rendering table views that have joined columns
* 4127 FIX: Fixed possible "maximum recursion depth exceeded" error when sorting tables with a lot of text in cells
* 4128 FIX: Fixed exception in "Virtual host tree" snapin in case a user tries to access a not existing tree
* 4139 FIX: Fixed exception on service detail page in case of invalid man pages
* 4140 FIX: Views: Download agent output action was not displayed correctly on SNMP+Agent hosts
WATO:
* 4077 FIX: Fixed "Request URI too long" when cloning role after editing another one
* 4079 FIX: Improved error handling in case a WATO folder can not be written
* 4082 FIX: Icon selector: Fixed exception in case non images are saved in icon folder
* 4130 FIX: Improved error handling when trying to edit not existant rules
* 4131 FIX: Fixed broken WATO site login when using password containing special characters...
Event Console:
* 4097 FIX: Event console: Make writing of status file more robust...
Changes in the Check_MK Enterprise Edition:
The Check_MK Micro Core:
* 8672 FIX: Fixed crash of monitoring core with duplicate hosts...
Config generation:
* 8645 FIX: Configuration validation: Taking shadow_hosts into account when checking for duplicate hosts
Reporting:
* 8644 FIX: Improved error reporting when trying to edit not existing report elements
Metrics System:
* 8640 FIX: Graph collection: PDF exports respect the choosen time range now...
You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html
Please mail bug reports and qualified feedback to feedback(a)check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring,
Your Check_MK Team
--
Mathias Kettner GmbH
Kellerstraße 29, 81667 München, Germany
Registergericht: Amtsgericht München, HRB 165902
Geschäftsführer: Mathias Kettner
http://mathias-kettner.de
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29
Dear friends of Check_MK,
the new innovation release 1.4.0i3 of Check_MK is ready for download.
This new innovation release adds a lot of bug fixes and several new features
and improvements to the next Check_MK version.
Changes in all Check_MK Editions:
Core & Setup:
* 3978 FIX: mkbackup: Fixed backup to some CIFS shares ([Errno 13] Permission denied) '...')...
* 4078 FIX: Fixed handling of hosts with non resolvable IP addresses during runtime...
Checks & Agents:
* 3988 Windows agent: new global option disabled_sections...
* 3989 Logwatch patterns: now able to change state of context lines...
* 4087 netgear_fans, netgear_powersupplies, netgear_temp: new checks for Netgear Switches which support the FASTPATH-BOXSERVICES-PRIVATE MIB
* 4089 oracle_tablespaces: file online states are now configurable if size info is available
* 4096 avaya_chassis_card, avaya_chassis_ps, avaya_chassis_temp: New checks for Avaya devices...
* 4094 apc_rackpdu_power: now detects all phases or banks connected to this pdu
NOTE: Please refer to the migration notes!
* 3993 Some minor performance improvements during config generation...
* 4116 mk_oracle.ps1: added Oracle wallet support to Windows plugin...
* 3995 skype check: updated perfvariable and metric names, making their purpose more clear...
NOTE: Please refer to the migration notes!
* 3996 agent_netapp clustermode: now uses a fallback query to determine the node name if the intial query fails
* 4108 ipmi_sensors: new options available...
* 4109 websphere_mq_instance, websphere_mq_instance.manager: new checks for Websphere MQ
* 4110 netscaler_vserver: now lower levels for health are configurable
* 4098 ups_cps_battery, ups_cps_battery.temp, ups_cps_inphase, ups_cps_outphase: Several checks to monitor CPS UPS devices
* 4118 check_bi_aggr: changed check and WATO rule to support Kerberos auth...
* 3987 FIX: Check_MK Agent Access: Windows agent reported incorrect only from value
* 3952 FIX: diskstat: fixed bug if multipath devices having an alias...
* 3939 FIX: f5_bigip_conns: readded performance data and graphs...
* 3979 FIX: vbox_guest: Only try to fetch VBox state in case the vboxguest module is loaded
* 3750 FIX: cmc_temp: Check now also works when using Nagios core
* 3983 FIX: mssql_instance: Be more robust agains missing instance info in case of connection issues
* 3963 FIX: check_mk_agent.linux: fixed strayed output of postfix status command
* 3940 FIX: aix_hacmp_services: fixed broken check in case of agent section showing extra information before the "Status(...)" line...
* 3941 FIX: zypper: fixed broken check for sections since agent OS SLES12...
* 4043 FIX: Add missing metric definition for 15 minute CPU load prediction'
* 3751 FIX: jolokia_metrics: Discovery no longer crashes in case of error querying instance
* 4088 FIX: ntp: fixed incomplete data handling
* 4090 FIX: apc_rackpdu_power, apc_symmetra, apc_symmetra_input, apc_symmetra_output: some fixes...
* 4091 FIX: oracle_tablespaces: Werk 3907 broke the detection of UNDO- and TEMP-Tablespaces
* 4069 FIX: cmciii.phase: Fixed broken check with some devices...
* 4092 FIX: if.include: fixed wrong calculated number of interfaces which are up in case of interface groups
* 4093 FIX: oracle_tablespaces: Werk 3907 broke the space calculation...
* 3942 FIX: rstcli: fixed previously failing check, changed check output to provide more information...
* 4074 FIX: check_ftp: Fixed possible wrong service description caused by unintended use of global variable
* 3943 FIX: ntp.time: fixed parameters in discovered checks...
* 3994 FIX: windows agent: fixed memory and file handle leak when using windows eventlog...
* 4081 FIX: dell_powerconnect_cpu: Fixed broken metrics
* 3998 FIX: agent_netapp / netapp_api_if: improved mechanism to collect interface infos. fixes invalid if-speed...
NOTE: Please refer to the migration notes!
* 4126 FIX: apache_status: Handle https requests lo localhost in case of certificate mismatch...
* 4099 FIX: msexch_rpcclientaccess: Previously nonfunctional WATO rule and default parameters now work...
NOTE: Please refer to the migration notes!
* 4000 FIX: Windows Agent: fixed broken mrpe section...
* 4112 FIX: db2_logsizes: fixed invalid data handling
* 4100 FIX: mk_mysql: Only perform queries if mysqladmin ping is successful#...
* 4113 FIX: postgres_locks: fixed missing include file
* 4114 FIX: innovaphone_licenses: fixed wrong percentage calculation
* 4115 FIX: mem.linux: fixed missing stack bug in PNP template
* 4157 FIX: netapp_api_cluster: fixed None item
* 4001 FIX: Windows Agent: windows agent couldn't handle surrounding quotes and spaces at command specification...
* 4138 FIX: statgrab: Fixed issue in FreeBSD agent when statgrab is not installed
* 4158 FIX: fileinfo: fixed file handling containing spaces
* 4101 FIX: citrix_sessions: Output error message in case of missing session information....
* 4159 FIX: mem.win: Fixed KeyError
* 4102 FIX: logwatch: Fixed crash due to non-existant logfile...
* 4160 FIX: emcvnx_info: fixed data handling, now detects errors
* 4161 FIX: emcvnx_sp_util: fixed empty data handling
* 4162 FIX: esx_vsphere_vm.heartbeat: fixed KeyError
* 4163 FIX: kernel: fixed empty data handling
* 4164 FIX: livestatus_status: fixed ValueError for values in scientific notation
* 4103 FIX: kaspersky_av_client: No longer crash when date of last full scan is unknown...
* 4177 FIX: smart: added compatibility for Intel SSDs...
* 4178 FIX: apt: Fixed crash on unexpected output...
* 4179 FIX: oracle_dataguard_stats, oracle_longactivesessions, oracle_rman: fixed crashes...
* 4180 FIX: fileinfo: Made paths for file grouping compatible for windows...
* 4165 FIX: tsm_stagingpools: fixed node info handling
* 4117 FIX: HPUX agent: fixed determination of cpu/core information...
Multisite:
* 4070 Added a painter for the service check period
* 4095 new filter host auxiliary tags
* 4106 new filter host/service-service-level...
* 4107 Now you are able to search for check plugins
* 3997 New metric for mrpe/check_icmp...
* 4083 Web API: Always output full traceback in case of non Check_MK unhandled exceptions
* 4135 View CSV export: Group cells are added in front of the regular cells for each row...
* 4136 Availability CSV export: Adding grouping title as first column in case of grouped views
* 3974 FIX: Sorting comments in hover menu of comments icon by time now
* 4040 FIX: Fix error in view about "No WATO folder ..." in case of host imported via cmcdump...
* 4046 FIX: Repaired html rendering....
* 3938 FIX: tactical overview: fixed wrong display of number of host/service problems...
* 3980 FIX: Fixed possible flickering GUI when using Chrome and zooming the page
* 3981 FIX: Views: Fixed context button displaying depending on usage
* 4071 FIX: Removed notes_url from "LOG *" logwatch services...
* 4072 FIX: Fixed multiple issues in BI availability when groups or names contain umlauts
* 4080 FIX: Fixed possible exception "unsupported operand type" in matrix views
* 4127 FIX: Fixed possible "maximum recursion depth exceeded" error when sorting tables with a lot of text in cells
* 4128 FIX: Fixed exception in "Virtual host tree" snapin in case a user tries to access a not existing tree
* 4129 FIX: Fixed possible exception when a view is linking to a not permitted other view
* 4137 FIX: List of strings: New fields are now added when last field is not empty...
* 4140 FIX: Views: Download agent output action was not displayed correctly on SNMP+Agent hosts
WATO:
* 3984 Permissions can now be filtered by providing a search term on the "edit role" page...
* 4044 Display host/service notification delay with d/h/m/s, not with fractions of minute
* 4075 Activate Changes has been reworked...
* 4167 Notification plugins: now can be hidden by role...
* 4039 FIX: Fix UnicodeEncodeError exception in WATO folder display...
* 4041 FIX: Fix exception when editing global configuration settings...
* 3975 FIX: Improved error handling when trying to edit not existing global setting
* 3976 FIX: Fixed broken link in LDAP automatic sync help text
* 3977 FIX: Fixed poping up changes button in sidebar snapin after a change
* 3982 FIX: Some MKPs created with WATO could not be uploaded to the Check_MK Exchange
* 4045 FIX: Tactical Overview: do not count OK events as problems
* 4068 FIX: Fixed possible exception in case of wrong automation secrets between multiple sites...
* 3992 FIX: netapp_api_connection: fixed GUI display bug when editing rules
* 4076 FIX: Git integration: Using mail address of user in author info
* 4077 FIX: Fixed "Request URI too long" when cloning role after editing another one
* 4079 FIX: Improved error handling in case a WATO folder can not be written
* 4082 FIX: Icon selector: Fixed exception in case non images are saved in icon folder
* 4084 FIX: Improved error handling in case of broken hosts.mk files
* 4130 FIX: Improved error handling when trying to edit not existant rules
* 4131 FIX: Fixed broken WATO site login when using password containing special characters...
* 4133 FIX: Do not suppress site specific global issues during WATO activation
* 4134 FIX: Unified ineffective rulesets view with other ruleset list views
* 3999 FIX: Added core restart note to bulk host rename page
* 4150 FIX: Avoid exception in host search when searching for empty texts
Notifications:
* 4042 FIX: Fix missing From address in synchronous SMTP notifications...
BI:
* 4002 BI: Major Rework of Code. Apache processes now share computated data...
* 3991 FIX: BI Aggregations: no longer show duplicate aggregations when an aggregation has mulitple groups
Event Console:
* 4132 Monitoring notifications: Add EC_ORIG_HOST to notifiation context...
* 4148 EC: reorder entries in Performance snapin, add overflows and load
* 4166 New view command: archive events of hosts...
* 4151 Use notification fallback also for hosts not known to the monitoring...
* 4097 FIX: Event console: Make writing of status file more robust...
* 4147 FIX: Always show rule analyser result on Generate, not only after previous Try out...
* 4149 FIX: Fix notifications from Event Console if host has more than one contact...
* 4152 FIX: Fix matching of hosts when forwarding notifications from Event Console...
Livestatus:
* 3651 FIX: Fixed potential segfault with Nagios core when accessing log/commands table via Livestatus....
HW/SW-Inventory:
* 3916 FIX: History view: Only showing removed/added entries tables when there are entries
* 4066 FIX: Fixed broken titles of nodes in inventory views
* 4067 FIX: Fixed broken inventory history view in current master...
* 3917 FIX: Fixed broken dicttable rendering
* 3918 FIX: Inventory history: Fixed possible exception when renedering history tables...
* 4073 FIX: Cleaned up cluster host handling in HW/SW inventory...
Changes in the Check_MK Enterprise Edition:
The Check_MK Micro Core:
* 8642 Reworked logging configuration of the Check_MK Microcore...
NOTE: Please refer to the migration notes!
* 8652 FIX: Correctly read host alias, IP addresses and other attributes from cmcdump config dump
* 8636 FIX: Fixed broken manual checks after reloading the configuration
* 8575 FIX: Fixed segfaults and incorrect Livestatus replies when history file is missing...
* 8577 FIX: Fixed Livestatus queries for custom_variable_names columns....
NOTE: Please refer to the migration notes!
* 8578 FIX: Fixed C-style mangling of performance variable names in Graphite/InfluxDB connections...
* 8672 FIX: Fixed crash of monitoring core with duplicate hosts...
Makefile, OMD-Integration:
* 8620 FIX: Install missing alert handler for remote execution on Linux...
Multisite:
* 8619 FIX: Show button [Export as PDF] only if user has permission "Use Reporting"
Config generation:
* 8645 FIX: Configuration validation: Taking shadow_hosts into account when checking for duplicate hosts
Livestatus:
* 8579 Generalize Livestatus filter operators...
* 8576 FIX: Fixed segfaults in cmc when Stats{And,Or,Negate} was used for EC tables...
* 8580 FIX: Removed space leaks related to dynamic columns....
Agent Bakery:
* 8509 Agent Bakery: now able to configure disabled_sections for windows agent
* 8646 cmk-update-agent: Added -V / --version to output the version of the plugin
* 8662 FIX: fixed encryption.cfg in bakecd Linux agents...
* 8639 FIX: Fixed broken agent update status view...
* 8647 FIX: cmk-update-agent: Fixed certificate verification issues in case openssl tools are not available...
Reporting:
* 8644 FIX: Improved error reporting when trying to edit not existing report elements
Metrics System:
* 8641 Views: Time range selected by panning is respected in PDF exports now
* 8643 Web API: New API for fetching graph data...
* 8635 FIX: Custom graphs: When using summary operator, draw line even when some metrics have no value
* 8640 FIX: Graph collection: PDF exports respect the choosen time range now...
Notifications:
* 8637 Check_MK Notification Spooler is now always enabled...
* 8638 FIX: Fixed broken notifications when Check_MK notification spooler not enabled (regression since 1.4.0i2)...
* 8653 FIX: Fix output of log verbosity in mknotifyd.log...
Alert Handlers:
* 8510 FIX: Installed alert handler scripts are now executable
You can download Check_MK from our download page:
* http://mathias-kettner.de/check_mk_download.html
Please mail bug reports and qualified feedback to feedback(a)check-mk.org.
We greatly thank you for using Check_MK and wish you a successful monitoring,
Your Check_MK Team
--
Mathias Kettner GmbH
Kellerstraße 29, 81667 München, Germany
Registergericht: Amtsgericht München, HRB 165902
Geschäftsführer: Mathias Kettner
http://mathias-kettner.de
Tel. +49 89 1890 435-0
Fax. +49 89 1890 435-29