[checkmk-commits] [Checkmk/checkmk] 1f5ed8: 15717 FIX NagVis: Updated to 1.9.40

Branch: refs/heads/2.1.0 Home: https://github.com/Checkmk/checkmk Commit: 1f5ed8224b6e4ca263d99479e5285c62045e6bf5 https://github.com/Checkmk/checkmk/commit/1f5ed8224b6e4ca263d99479e5285c620… Author: Lars Michelsen &lt;lm(a)checkmk.com&gt; Date: 2024-01-09 (Tue, 09 Jan 2024) Changed paths: A .werks/15717 R omd/packages/nagvis/nagvis-1.9.39.tar.gz A omd/packages/nagvis/nagvis-1.9.40.tar.gz M omd/packages/nagvis/nagvis.make Log Message: ----------- 15717 FIX NagVis: Updated to 1.9.40 Change-Id: I1d16e99036e85e909a85f3c94bc1a781d728cf46 Commit: 087fb7a46534123cb898c3435a4fc3d833e86d42 https://github.com/Checkmk/checkmk/commit/087fb7a46534123cb898c3435a4fc3d83… Author: Sofia Colakovic &lt;sofia.colakovic(a)checkmk.com&gt; Date: 2024-01-09 (Tue, 09 Jan 2024) Changed paths: A .werks/16165 M agents/check_mk_agent.aix M agents/check_mk_agent.freebsd M agents/check_mk_agent.linux M agents/check_mk_agent.openwrt M agents/check_mk_agent.solaris Log Message: ----------- 16165 FIX check_mk_agent: Set LC_ALL before running the agent Previously, Checkmk agents would be run with a preset LC_ALL environment variable if neither C.UTF-8 or C.utf-8 locales were installed. That led to invalid agent output and crashes in section parsing in multiple checks. Linux, AIX, Solaris, FreeBSD and OpenWrt agents were affected. Now, LC_ALL variable is set to C for the described case. Change-Id: I615488e2ff8361716d4834ba86f9f03c78209cfb Commit: 36dafc25e81c63254800114dd15be4aa89cef7d2 https://github.com/Checkmk/checkmk/commit/36dafc25e81c63254800114dd15be4aa8… Author: Sofia Colakovic &lt;sofia.colakovic(a)checkmk.com&gt; Date: 2024-01-09 (Tue, 09 Jan 2024) Changed paths: A .werks/16163 M agents/plugins/jar_signature Log Message: ----------- 16163 SEC jar_signature: Prevent priviledge escalation Agent plugin was vulnerable to the privilege escalation to root from an oracle user. A malicious oracle user could replace the jarsigner binary with another script and put it in the JAVA_HOME directory. The script would be executed by the root user. The jarsigner is now executed by the oracle user, preventing the privilege escalation. This issue was found during internal review. CMK-15315 Change-Id: I2954f72ad3f426b10deadf4028926996a5569964 Commit: df896a7c5dc9462927b63fd00fbbe85b2c696251 https://github.com/Checkmk/checkmk/commit/df896a7c5dc9462927b63fd00fbbe85b2… Author: Moritz Kiemer &lt;moritz.kiemer(a)checkmk.com&gt; Date: 2024-01-09 (Tue, 09 Jan 2024) Changed paths: A .werks/16273 M agents/plugins/mk_tsm A tests/unit-shell/agents/plugins/test_mk_tsm.sh Log Message: ----------- 16273 SEC Local privilege escalation in agent plugin 'mk_tsm' Change-Id: I088919799c9fc071849726d0d3d1604e06ed58b8 Commit: c6bab5765bbd1dd12b8e3dab1a96e25edcda59dc https://github.com/Checkmk/checkmk/commit/c6bab5765bbd1dd12b8e3dab1a96e25ed… Author: Maximilian Wirtz &lt;maximilian.wirtz(a)checkmk.com&gt; Date: 2024-01-10 (Wed, 10 Jan 2024) Changed paths: A .werks/16227 M cmk/gui/login.py M cmk/update_config.py M cmk/utils/crypto/password_hashing.py Log Message: ----------- 16227 SEC Disabled automation users could still authenticate Prior to this Werk an automation user whose password was disabled also described as "disable the login to this account" was still able to authenticate. The information that a user was disabled was not checked for automation users. We found this vulnerability internally. <b>Affected Versions</b>: * 2.2.0 * 2.1.0 * 2.0.0 * 1.6.0 * 1.5.0 (probably older versions as well) <b>Mitigations</b>: If the need arises to block an automation user one can change the password or remove that user from the system. <b>Vulnerability Management</b>: We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector: <tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</tt>. We assigned CVE-2023-31211 to this vulnerability. <b>Changes</b>: This Werk adds a check for the disabled information. During update you will be warned if a automation user is currently disabled. CMK-15213 Change-Id: I552d218ad181fecb0471d3dd4a4e08c9b669551f Commit: 3ff75be1738cb01a6b51a394d5d4178ee7cd792e https://github.com/Checkmk/checkmk/commit/3ff75be1738cb01a6b51a394d5d4178ee… Author: Jonas Scharpf &lt;jonas.scharpf(a)checkmk.com&gt; Date: 2024-01-10 (Wed, 10 Jan 2024) Changed paths: M tests/docker/test_docker.py Log Message: ----------- Update base version of checkmk-raw for docker test update ... as older tags got cleaned up with CMK-15313 Change-Id: I3f970ca3efc1ca9084e652031ab497dd622f7f36 Compare: https://github.com/Checkmk/checkmk/compare/051d3fea5772...3ff75be1738c