Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 9ece278c95931576a4a8d1e374311646a4bf4fe3
https://github.com/tribe29/checkmk/commit/9ece278c95931576a4a8d1e374311646a…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-12-03 (Thu, 03 Dec 2020)
Changed paths:
M omd/packages/navicli/navicli-0.7.1/lib/seccli/libccme_base.so
M omd/packages/navicli/navicli-0.7.1/lib/seccli/libcryptocme2.so
Log Message:
-----------
Clear stack execution bit for 3rd party libraries
The 3rd party libraries libccme_base.so and libcryptocme2.so from the
navicli package previously had the stack execution bit set. To prevent
stack-overflow exploits, the stack of a binary or shared library must be
marked as not executable.
These libraries were only used by our special agent for monitoring EMC
VNX storage systems.
Have look here for further information:
https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.lkdd…
Change-Id: Iad1bab24a9a41a880e70329a6f87059dcaa3a221
Commit: 7e186fe9ba2b416e7fd224ec5e9bc95e6d2f7ca2
https://github.com/tribe29/checkmk/commit/7e186fe9ba2b416e7fd224ec5e9bc95e6…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-12-03 (Thu, 03 Dec 2020)
Changed paths:
M cmk/gui/sites.py
Log Message:
-----------
GUI: Add some debug output for tracking down composition test issues
Change-Id: I448f802741449d7cf1de28e89c87a1b7a8a2cf20
Commit: c1781f126facd8447184e38733bdf75e020c8a06
https://github.com/tribe29/checkmk/commit/c1781f126facd8447184e38733bdf75e0…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2020-12-03 (Thu, 03 Dec 2020)
Changed paths:
A .werks/11747
M cmk/gui/plugins/views/mkeventd.py
Log Message:
-----------
11747 SEC Fix stored XSS triggered by received syslog messages
You are only affected by this issue in case you use the Event Console.
An attacker could send messages to the Event Console, e.g. via syslog,
containing arbitrary HTML code. This was executed in the browser context of any
user viewing the event in the Checkmk user interface.
The information is now properly escaped in a generic way to prevent these
issues.
Change-Id: I5d4f3594e69de7980aa474b8e3b9aa94d7342bb2
Compare:
https://github.com/tribe29/checkmk/compare/7bb0eb57b339...c1781f126fac