[checkmk-commits] [tribe29/checkmk] 9ece27: Clear stack execution bit for 3rd party libraries

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: 9ece278c95931576a4a8d1e374311646a4bf4fe3 https://github.com/tribe29/checkmk/commit/9ece278c95931576a4a8d1e374311646a… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-12-03 (Thu, 03 Dec 2020) Changed paths: M omd/packages/navicli/navicli-0.7.1/lib/seccli/libccme_base.so M omd/packages/navicli/navicli-0.7.1/lib/seccli/libcryptocme2.so Log Message: ----------- Clear stack execution bit for 3rd party libraries The 3rd party libraries libccme_base.so and libcryptocme2.so from the navicli package previously had the stack execution bit set. To prevent stack-overflow exploits, the stack of a binary or shared library must be marked as not executable. These libraries were only used by our special agent for monitoring EMC VNX storage systems. Have look here for further information: https://www.ibm.com/support/knowledgecenter/linuxonibm/com.ibm.linux.z.lkdd… Change-Id: Iad1bab24a9a41a880e70329a6f87059dcaa3a221 Commit: 7e186fe9ba2b416e7fd224ec5e9bc95e6d2f7ca2 https://github.com/tribe29/checkmk/commit/7e186fe9ba2b416e7fd224ec5e9bc95e6… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-12-03 (Thu, 03 Dec 2020) Changed paths: M cmk/gui/sites.py Log Message: ----------- GUI: Add some debug output for tracking down composition test issues Change-Id: I448f802741449d7cf1de28e89c87a1b7a8a2cf20 Commit: c1781f126facd8447184e38733bdf75e020c8a06 https://github.com/tribe29/checkmk/commit/c1781f126facd8447184e38733bdf75e0… Author: Lars Michelsen <lm(a)tribe29.com> Date: 2020-12-03 (Thu, 03 Dec 2020) Changed paths: A .werks/11747 M cmk/gui/plugins/views/mkeventd.py Log Message: ----------- 11747 SEC Fix stored XSS triggered by received syslog messages You are only affected by this issue in case you use the Event Console. An attacker could send messages to the Event Console, e.g. via syslog, containing arbitrary HTML code. This was executed in the browser context of any user viewing the event in the Checkmk user interface. The information is now properly escaped in a generic way to prevent these issues. Change-Id: I5d4f3594e69de7980aa474b8e3b9aa94d7342bb2 Compare: https://github.com/tribe29/checkmk/compare/7bb0eb57b339...c1781f126fac