Branch: refs/heads/2.1.0
Home:
https://github.com/Checkmk/checkmk
Commit: 1f5ed8224b6e4ca263d99479e5285c62045e6bf5
https://github.com/Checkmk/checkmk/commit/1f5ed8224b6e4ca263d99479e5285c620…
Author: Lars Michelsen <lm(a)checkmk.com>
Date: 2024-01-09 (Tue, 09 Jan 2024)
Changed paths:
A .werks/15717
R omd/packages/nagvis/nagvis-1.9.39.tar.gz
A omd/packages/nagvis/nagvis-1.9.40.tar.gz
M omd/packages/nagvis/nagvis.make
Log Message:
-----------
15717 FIX NagVis: Updated to 1.9.40
Change-Id: I1d16e99036e85e909a85f3c94bc1a781d728cf46
Commit: 087fb7a46534123cb898c3435a4fc3d833e86d42
https://github.com/Checkmk/checkmk/commit/087fb7a46534123cb898c3435a4fc3d83…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-01-09 (Tue, 09 Jan 2024)
Changed paths:
A .werks/16165
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.linux
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
Log Message:
-----------
16165 FIX check_mk_agent: Set LC_ALL before running the agent
Previously, Checkmk agents would be run with a preset LC_ALL
environment variable if neither C.UTF-8 nor C.utf-8 locales were
installed.
That led to invalid agent output and crashes in section parsing
in multiple checks.
Linux, AIX, Solaris, FreeBSD and OpenWrt agents were affected.
Now, the LC_ALL variable is set to C for the described case.
Change-Id: I615488e2ff8361716d4834ba86f9f03c78209cfb
Commit: 36dafc25e81c63254800114dd15be4aa89cef7d2
https://github.com/Checkmk/checkmk/commit/36dafc25e81c63254800114dd15be4aa8…
Author: Sofia Colakovic <sofia.colakovic(a)checkmk.com>
Date: 2024-01-09 (Tue, 09 Jan 2024)
Changed paths:
A .werks/16163
M agents/plugins/jar_signature
Log Message:
-----------
16163 SEC jar_signature: Prevent privilege escalation
The agent plugin was vulnerable to privilege escalation to root from an oracle user.
A malicious oracle user could replace the jarsigner binary with another script and put
it in the JAVA_HOME directory. The script would be executed by the root user.
The jarsigner is now executed by the oracle user, preventing the privilege escalation.
This issue was found during internal review.
CMK-15315
Change-Id: I2954f72ad3f426b10deadf4028926996a5569964
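
An added example, not part of the commit or of Checkmk's code: a POSIX shell check that a root-run plugin could apply before executing a binary such as jarsigner from a directory another user controls. The function names, the trusted-uid parameter and the refuse/drop policy are assumptions, and only the file and its containing directory are inspected.

```shell
#!/bin/sh
# Added example (hypothetical helpers, not Checkmk code).

# Print "<owner-uid> <w|->" for a path; "w" means group- or world-writable.
owner_and_writability() {
    # ls -ldnL: long format, numeric ids, follow symlinks, do not descend.
    # Word splitting is intended: field 1 is the mode string, field 3 the uid.
    set -- $(ls -ldnL -- "$1" 2>/dev/null)
    [ -n "$3" ] || return 1
    case "$1" in
        ?????w*|????????w*) echo "$3 w" ;;   # group write or other write bit
        *) echo "$3 -" ;;
    esac
}

# Print the uid a privileged caller should run binary "$1" as.
# "$2" is the uid considered trusted (default 0, i.e. root).
# Returns 1 when no single account is responsible for the file's contents.
safe_run_uid() (
    bin=$1
    trusted=${2:-0}
    f=$(owner_and_writability "$bin") || exit 1
    d=$(owner_and_writability "$(dirname -- "$bin")") || exit 1
    # Shared write access on the file or its directory: refuse to run it.
    case "$f$d" in *w*) exit 1 ;; esac
    f_uid=${f% *}
    d_uid=${d% *}
    if [ "$f_uid" = "$d_uid" ] || [ "$d_uid" = "$trusted" ]; then
        # Only the file owner can change the file: run it as that owner,
        # so a replaced binary gains nothing beyond the owner's own rights.
        echo "$f_uid"
    elif [ "$f_uid" = "$trusted" ]; then
        # Trusted file in someone else's directory: the directory owner
        # can swap it, so run with the directory owner's rights instead.
        echo "$d_uid"
    else
        exit 1   # two different untrusted accounts involved
    fi
)
```

The check ignores ACLs and parent directories further up the path; a caller would treat a non-zero return as "skip this binary" and otherwise run it under the printed uid rather than as root.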
Commit: df896a7c5dc9462927b63fd00fbbe85b2c696251
https://github.com/Checkmk/checkmk/commit/df896a7c5dc9462927b63fd00fbbe85b2…
Author: Moritz Kiemer <moritz.kiemer(a)checkmk.com>
Date: 2024-01-09 (Tue, 09 Jan 2024)
Changed paths:
A .werks/16273
M agents/plugins/mk_tsm
A tests/unit-shell/agents/plugins/test_mk_tsm.sh
Log Message:
-----------
16273 SEC Local privilege escalation in agent plugin 'mk_tsm'
Change-Id: I088919799c9fc071849726d0d3d1604e06ed58b8
Commit: c6bab5765bbd1dd12b8e3dab1a96e25edcda59dc
https://github.com/Checkmk/checkmk/commit/c6bab5765bbd1dd12b8e3dab1a96e25ed…
Author: Maximilian Wirtz <maximilian.wirtz(a)checkmk.com>
Date: 2024-01-10 (Wed, 10 Jan 2024)
Changed paths:
A .werks/16227
M cmk/gui/login.py
M cmk/update_config.py
M cmk/utils/crypto/password_hashing.py
Log Message:
-----------
16227 SEC Disabled automation users could still authenticate
Prior to this Werk, an automation user whose password was disabled, also described as
"disable the login to this account", was still able to authenticate.
The information that a user was disabled was not checked for automation users.
We found this vulnerability internally.
<b>Affected Versions</b>:
* 2.2.0
* 2.1.0
* 2.0.0
* 1.6.0
* 1.5.0 (probably older versions as well)
<b>Mitigations</b>:
If the need arises to block an automation user, one can change the password or remove that
user from the system.
<b>Vulnerability Management</b>:
We have rated the issue with a CVSS Score of 8.8 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</tt>.
We assigned CVE-2023-31211 to this vulnerability.
<b>Changes</b>:
This Werk adds a check for the disabled information. During update you will be warned if an
automation user is currently disabled.
CMK-15213
Change-Id: I552d218ad181fecb0471d3dd4a4e08c9b669551f
Commit: 3ff75be1738cb01a6b51a394d5d4178ee7cd792e
https://github.com/Checkmk/checkmk/commit/3ff75be1738cb01a6b51a394d5d4178ee…
Author: Jonas Scharpf <jonas.scharpf(a)checkmk.com>
Date: 2024-01-10 (Wed, 10 Jan 2024)
Changed paths:
M tests/docker/test_docker.py
Log Message:
-----------
Update base version of checkmk-raw for docker test update
... as older tags got cleaned up with CMK-15313
Change-Id: I3f970ca3efc1ca9084e652031ab497dd622f7f36
Compare:
https://github.com/Checkmk/checkmk/compare/051d3fea5772...3ff75be1738c