Branch: refs/heads/2.1.0
Home: https://github.com/Checkmk/checkmk
Commit: 9fc7ab9cec19bf68b66a12bedc44f385c1cbb859
https://github.com/Checkmk/checkmk/commit/9fc7ab9cec19bf68b66a12bedc44f385c…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/cmk-agent-ctl/src/constants.rs
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_container_host_if.linux
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_backup
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/plugins/zorp
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Set version to 2.1.0p41
To unsubscribe from these emails, change your notification settings at https://github.com/Checkmk/checkmk/settings/notifications
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: b218acb92666ed4b3e0be0fd0b3ce2efbe407709
https://github.com/Checkmk/checkmk/commit/b218acb92666ed4b3e0be0fd0b3ce2efb…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M cmk/gui/plugins/config/base.py
R omd/packages/nagios/skel/etc/nagios/cgi.cfg
R omd/packages/nagios/skel/etc/nagios/config.inc.php
M omd/packages/omd/omdlib/main.py
R omd/packages/omd/skel/etc/htpasswd
M omd/packages/pnp4nagios/BUILD.pnp4nagios.bazel
R omd/packages/pnp4nagios/skel/etc/pnp4nagios/config.php
Log Message:
-----------
Remove some remnants of omdadmin
including some nagios skel files.
Change-Id: I5b498c86a36f950b522ae7fead956501f706a9e6
Commit: 4aa5f324c084e64e42ed120dddcea0e7428afa05
https://github.com/Checkmk/checkmk/commit/4aa5f324c084e64e42ed120dddcea0e74…
Author: Simon Jess <simon.jess(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M web/htdocs/js/modules/number_format.ts
Log Message:
-----------
Fix precision
Change-Id: I70f4fc79453d04ff16dc07ac46b7041f6e70f5a6
Compare: https://github.com/Checkmk/checkmk/compare/28968b0c3453...4aa5f324c084
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 28968b0c34533199c8f03e4b0b1bd495221196d9
https://github.com/Checkmk/checkmk/commit/28968b0c34533199c8f03e4b0b1bd4952…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16172.md
M agents/plugins/kaspersky_av
A tests/unit-shell/agents/plugins/test_kaspersky_av.sh
Log Message:
-----------
16172 SEC kaspersky_av: Don't run kav4fs-control or kesl-control if they aren't owned by root
The Kaspersky Anti-Virus plugin uses the /opt/kaspersky/kav4fs/bin/kav4fs-control and
/opt/kaspersky/kesl/bin/kesl-control commands to monitor a Kaspersky Anti-Virus
installation.
To prevent privilege escalation, the plugin (which is run by the root user) must
not run executables which can be changed by less privileged users.
In the default installation, the kav4fs-control and kesl-control commands are owned
by root and root is the only user with write permissions, which prevents privilege
escalation attacks.
With this Werk, the plugin checks if the control commands are owned by root and root
is the only user with write permissions before running the command. If that's not
the case, the commands won't be run. This prevents privilege escalation attacks if
the permissions of the control commands have been changed.
CMK-15318
Change-Id: Ie5de60541dbd76a983c9918ccf48a73ed1ee26f7
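The check that Werk 16172 describes, sketched in Python as an added example (not the plugin's own code, which this notification does not show): a command is executed only if it is a regular file owned by root that neither its group nor other users can write to. The `trusted_uid` parameter and the `demo()` helper are assumptions added so the sketch can be exercised without root.

```python
import os
import stat
import subprocess
import tempfile

# Control commands named in Werk 16172.
CONTROL_COMMANDS = (
    "/opt/kaspersky/kav4fs/bin/kav4fs-control",
    "/opt/kaspersky/kesl/bin/kesl-control",
)


def is_safe_to_run(path, trusted_uid=0):
    """True only for a regular file owned by trusted_uid (root by default)
    that neither its group nor other users may write to."""
    try:
        st = os.stat(path)  # follows symlinks: judge the file that would run
    except OSError:
        return False
    if not stat.S_ISREG(st.st_mode) or st.st_uid != trusted_uid:
        return False
    return (st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)) == 0


def run_if_safe(argv, trusted_uid=0):
    """Run argv only if argv[0] passes the check; return stdout, else None."""
    if not is_safe_to_run(argv[0], trusted_uid):
        return None  # refuse to execute a file a lesser user could have changed
    return subprocess.run(argv, capture_output=True, text=True, check=False).stdout


def demo():
    """Check constructed files with three modes, owned by the current user
    (standing in for root so the demo runs unprivileged)."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for mode in (0o755, 0o775, 0o757):
            path = os.path.join(d, "control-%o" % mode)
            with open(path, "w") as f:
                f.write("#!/bin/sh\necho ok\n")
            os.chmod(path, mode)
            results[mode] = is_safe_to_run(path, trusted_uid=os.getuid())
        results["missing"] = is_safe_to_run(os.path.join(d, "absent"))
    return results


if __name__ == "__main__":
    for cmd in CONTROL_COMMANDS:
        print(cmd, "->", "run" if is_safe_to_run(cmd) else "skip")
```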
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: ff0b0477432250db90395946b6f0219ba7acf284
https://github.com/Checkmk/checkmk/commit/ff0b0477432250db90395946b6f0219ba…
Author: Lars Michelsen <lm(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/15725.md
M cmk/update_config/main.py
Log Message:
-----------
15725 FIX Cleanup old Microcore config during update procedure
This change prevents a problem which might occur in case the `omd update` did
not finish successfully. In this situation, the Microcore might be started with
a configuration file from the previous version. This could lead to unexpected
behavior.
Instead of keeping the old configuration, the update procedure now deletes the
file, which makes the Microcore fail during startup with a more helpful error
message.
CMK-16020
Change-Id: I5c7a326d9269ada9ae0f4f8b4e48610bdaffabdb
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: f876ded4b9793800fc69b728895c68c92e27184b
https://github.com/Checkmk/checkmk/commit/f876ded4b9793800fc69b728895c68c92…
Author: Lars Michelsen <lm(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/15725.md
M cmk/update_config/main.py
Log Message:
-----------
15725 FIX Cleanup old Microcore config during update procedure
This change prevents a problem which might occur in case the `omd update` did
not finish successfully. In this situation, the Microcore might be started with
a configuration file from the previous version. This could lead to unexpected
behavior.
Instead of keeping the old configuration, the update procedure now deletes the
file, which makes the Microcore fail during startup with a more helpful error
message.
CMK-16020
Change-Id: I5c7a326d9269ada9ae0f4f8b4e48610bdaffabdb
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: d95cd664fa041bf12368753927aba6da4312af65
https://github.com/Checkmk/checkmk/commit/d95cd664fa041bf12368753927aba6da4…
Author: Andreas Umbreit <andreas.umbreit(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M packages/check-http/src/checking_types.rs
M packages/check-http/src/checks.rs
Log Message:
-----------
check_http: Allow custom format for values in CheckResult helper functions
Needed to display some values more prettily, e.g., influence the number
of shown digits of a float value.
CMK-16160
Change-Id: Ieba7b6be023ab8615a5fae6253385d5402c221b4
Branch: refs/heads/master
Home: https://github.com/Checkmk/checkmk
Commit: 4759ef01d3a5223f6b79067bff8f9f2bb2dc8970
https://github.com/Checkmk/checkmk/commit/4759ef01d3a5223f6b79067bff8f9f2bb…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16361.md
Log Message:
-----------
16361 SEC Privilege escalation in Windows agent
In order to execute some system commands, the Checkmk Windows agent writes cmd files to `C:\Windows\Temp\` and afterwards executes them.
The permissions of the files were set restrictively, but existing files were not properly handled.
If a cmd file already existed and was write-protected, the agent was not able to rewrite the file but did not handle this case and executed the file nevertheless.
We thank Michael Baer (SEC Consult Vulnerability Lab) for reporting this issue.
**Affected Versions**:
* 2.2.0
* 2.1.0
* 2.0.0
**Indicators of Compromise**:
The filename of the cmd file needed to be guessed, therefore the proof-of-concept creates a lot of files in `C:\Windows\Temp` with the filename `cmk_all_\d+_1.cmd`.
These file-creation events could be monitored.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`.
We assigned CVE-2024-0670 to this vulnerability.
**Changes**:
This Werk changes the temp folder and adds a subfolder with more restrictive permissions in which the files are created.
Also, errors are handled better.
Change-Id: I9b6b6dbe68d638c9e0dcf127646783d15f1df589
Branch: refs/heads/2.3.0
Home: https://github.com/Checkmk/checkmk
Commit: a91bc0411ec1ae2e45dab2f4cba525794805b031
https://github.com/Checkmk/checkmk/commit/a91bc0411ec1ae2e45dab2f4cba525794…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
A .werks/16361.md
Log Message:
-----------
16361 SEC Privilege escalation in Windows agent
In order to execute some system commands, the Checkmk Windows agent writes cmd files to `C:\Windows\Temp\` and afterwards executes them.
The permissions of the files were set restrictively, but existing files were not properly handled.
If a cmd file already existed and was write-protected, the agent was not able to rewrite the file but did not handle this case and executed the file nevertheless.
We thank Michael Baer (SEC Consult Vulnerability Lab) for reporting this issue.
**Affected Versions**:
* 2.2.0
* 2.1.0
* 2.0.0
**Indicators of Compromise**:
The filename of the cmd file needed to be guessed, therefore the proof-of-concept creates a lot of files in `C:\Windows\Temp` with the filename `cmk_all_\d+_1.cmd`.
These file-creation events could be monitored.
**Vulnerability Management**:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
`CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H`.
We assigned CVE-2024-0670 to this vulnerability.
**Changes**:
This Werk changes the temp folder and adds a subfolder with more restrictive permissions in which the files are created.
Also, errors are handled better.
Change-Id: I9b6b6dbe68d638c9e0dcf127646783d15f1df589
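One way to monitor the file-creation indicator given in both Werk 16361 notifications above, as an added example (not Checkmk code): it flags a user who creates many distinct files matching the quoted pattern within a short window. The event tuple layout, the `threshold` and `window` values and the user names are assumptions; the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Filename pattern quoted in Werk 16361. Windows paths are case-insensitive.
IOC = re.compile(r"^C:\\Windows\\Temp\\cmk_all_\d+_1\.cmd$", re.IGNORECASE)


def find_bursts(events, threshold=20, window=timedelta(seconds=60)):
    """events: iterable of (iso_timestamp, user, path) file-creation records.

    Returns {user: n} where n is the largest number of distinct matching
    files that user created inside any one window, for users with
    n >= threshold. threshold and window are assumed tuning values.
    """
    hits = defaultdict(list)
    for ts, user, path in events:
        if IOC.match(path):
            hits[user].append((datetime.fromisoformat(ts), path.lower()))
    alerts = {}
    for user, rows in hits.items():
        rows.sort()
        start = best = 0
        for end, (when, _) in enumerate(rows):
            while when - rows[start][0] > window:
                start += 1  # slide the window forward
            best = max(best, len({p for _, p in rows[start:end + 1]}))
        if best >= threshold:
            alerts[user] = best
    return alerts


def sample_events():
    """Constructed events: one burst, two isolated creations, one non-match."""
    t0 = datetime(2024, 2, 27, 10, 0, 0)
    burst = [((t0 + timedelta(milliseconds=100 * i)).isoformat(), "HOST\\user-a",
              "C:\\Windows\\Temp\\cmk_all_%d_1.cmd" % (4000 + i)) for i in range(40)]
    quiet = [(t0.isoformat(), "HOST\\user-b", "c:\\windows\\temp\\cmk_all_812_1.cmd"),
             ((t0 + timedelta(minutes=5)).isoformat(), "HOST\\user-b",
              "C:\\Windows\\Temp\\cmk_all_977_1.cmd"),
             (t0.isoformat(), "HOST\\user-b", "C:\\Windows\\Temp\\setup.log")]
    return burst + quiet


if __name__ == "__main__":
    print(find_bursts(sample_events()))
```

Counting distinct names per creator, rather than alerting on any single match, keeps isolated creations of a matching file below the threshold.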