Branch: refs/heads/2.0.0
Home:
https://github.com/tribe29/checkmk
Commit: 88fc002e9f1980c190f85d1d8a4ca5771b3d94c2
https://github.com/tribe29/checkmk/commit/88fc002e9f1980c190f85d1d8a4ca5771…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
R .werks/14483
M Pipfile
M Pipfile.lock
M omd/packages/python3-modules/python3-modules.make
R omd/packages/python3-modules/src/Babel-2.10.3.tar.gz
A omd/packages/python3-modules/src/Babel-2.8.0.tar.gz
A omd/packages/python3-modules/src/PyJWT-1.7.1.tar.gz
R omd/packages/python3-modules/src/PyJWT-2.4.0.tar.gz
A omd/packages/python3-modules/src/PyPDF2-1.26.0.tar.gz
R omd/packages/python3-modules/src/PyPDF2-2.10.2.tar.gz
A omd/packages/python3-modules/src/reportlab-3.5.34.tar.gz
R omd/packages/python3-modules/src/reportlab-3.6.11.tar.gz
A omd/packages/python3-modules/src/rsa-4.6.tar.gz
R omd/packages/python3-modules/src/rsa-4.9.tar.gz
A omd/packages/python3-modules/src/typing_extensions-3.7.4.1.tar.gz
R omd/packages/python3-modules/src/typing_extensions-4.3.0.tar.gz
Log Message:
-----------
Revert "Revert "Revert "14483 SEC Update dependencies"""
This reverts commit e32d55125f760f318473b6228d5e706585fedf24.
Reason for revert: Tests fail
Change-Id: I5e724776991302216b079d9d02ecbb1b9d0bfcbf
Commit: 98978b78b5a1a6d71e1c4c91df1d69d004decd20
https://github.com/tribe29/checkmk/commit/98978b78b5a1a6d71e1c4c91df1d69d00…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
M omd/packages/python3-modules/python3-modules.make
Log Message:
-----------
Revert "Add workaround for package build without setup.py"
This reverts commit 4166cd932aab5328b764149ea0af18f908254cb2.
Reason for revert: Tests fail
Change-Id: I0b4a32f89c5f95b6ff3fb86b14e2497b20121b15
Commit: 73a5201ded5c011549c6a743a63802677791d78c
https://github.com/tribe29/checkmk/commit/73a5201ded5c011549c6a743a63802677…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14381
M notifications/sms
Log Message:
-----------
14381 SEC Fix command injection in SMS notification script
Previous to this Werk it was possible to inject arbitrary shell commands
when sending SMS notifications. For this, attackers would have needed to
place a crafted string in a user's Pager Address, which was not properly
escaped by the SMS script.
In most setups, this issue will not be exploitable: Changing a user's
Pager Address requires the User Management permission. Users with that
permission are effectively Administrators and can thus already
legitimately execute code in the Site context. Note, however, that in
some setups the attribute can also be configured by external interfaces,
for example via LDAP User Synchronization.
<b>Affected Versions</b>: All currently supported versions are affected:
1.6, 2.0, and 2.1.
<b>Mitigations</b>: As an immediate mitigation all notifications via the
method "SMS (using smstools)" can be disabled. Note that users' personal
notification rules are affected as well.
<b>Indicators of Compromise</b>: If you suspect this issue might have
been exploited in your installation, validate users' Pager Address
fields. Check the Audit Log for changes to this field.
<b>Vulnerability Management</b>: We have rated the issue with a CVSS
Score of 8.0 (High) with the following CVSS vector:
<tt>CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H</tt>. A CVE has been
requested.
<b>Changes</b>: This Werk replaces a hazardous call to
<tt>os.system</tt> by a safer alternative and adds additional validation
to the Pager Address before attempting to send SMS to it. Valid Pager
Addresses may now include letters, numbers, space characters, any of the
characters <tt>. / - ()</tt>, as well as a <tt>+</tt> character at the
beginning.
Change-Id: I75d5ea3ac8cc3e0e9eb9390cef2d70cfa4cac38d
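As an added illustration of the two changes this Werk describes, allow-list validation of the Pager Address and replacing a shell-string call with an argument vector, the following Python is example code written here and is not the Checkmk notification script. The regular expression (reconstructed from the character list in the Werk text, ASCII letters only), the `send-sms-placeholder` command name and all function names are assumptions.

```python
import re
import subprocess

# Allow-list reconstructed from the Werk text: letters, digits, spaces, any of
# ". / - ( )", and an optional single "+" at the beginning. This pattern is an
# assumption for the example, not copied from the Checkmk script, and it
# deliberately accepts ASCII letters only.
PAGER_ADDRESS_RE = re.compile(r"\+?[A-Za-z0-9 ./()-]+")

# Placeholder: the page does not name the smstools binary the script invokes.
SMS_COMMAND = "send-sms-placeholder"


def is_valid_pager_address(address: str) -> bool:
    """True if the address consists only of allow-listed characters.

    fullmatch() is used instead of match()/search() so that a trailing
    newline or a shell metacharacter anywhere in the string is rejected.
    """
    return PAGER_ADDRESS_RE.fullmatch(address) is not None


def legacy_shell_command(pager_address: str, message: str) -> str:
    """The hazardous pattern the Werk replaced: one string handed to os.system().

    Returned for inspection only, never executed here. Because a shell parses
    this string, characters such as ';' or '$(' inside the address change
    which command actually runs.
    """
    return f"{SMS_COMMAND} {pager_address} {message}"


def build_sms_argv(pager_address: str, message: str) -> list[str]:
    """Validate the address first, then build an argument vector.

    With an argv list and shell=False each element reaches the program as a
    single argument; no shell ever interprets the address.
    """
    if not is_valid_pager_address(pager_address):
        raise ValueError(f"refusing to send SMS: malformed pager address {pager_address!r}")
    return [SMS_COMMAND, pager_address, message]


def send_sms(pager_address: str, message: str) -> int:
    """Run the SMS command without a shell and return its exit status."""
    argv = build_sms_argv(pager_address, message)
    return subprocess.run(argv, shell=False, check=False).returncode


if __name__ == "__main__":
    # Constructed sample inputs: a benign address and one carrying a shell
    # metacharacter; the second is rejected before any command is built.
    for candidate in ["+49 151 234-56 (mobile)", "0151; id"]:
        verdict = "valid" if is_valid_pager_address(candidate) else "rejected"
        print(f"{candidate!r} -> {verdict}")
```

The validation and the argv construction are independent defences: even if the allow-list were loosened later, `subprocess.run` with a list and `shell=False` still passes the address as a single argument rather than as shell syntax.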
Commit: 509e7453c96f38e3d4c0fcf2d280f2faac08cbd9
https://github.com/tribe29/checkmk/commit/509e7453c96f38e3d4c0fcf2d280f2faa…
Author: Hannes Rantzsch <hannes.rantzsch(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14383
M cmk/gui/watolib/auth_php.py
M cmk/gui/watolib/tags.py
M cmk/gui/watolib/utils.py
M tests/unit/cmk/gui/watolib/test_watolib.py
Log Message:
-----------
14383 SEC Fix code injection in watolib
This Werk fixes a code injection vulnerability in watolib.
Prior to this Werk it was possible for authenticated users to inject PHP
code in files generated by Wato for NagVis integration. The code would
be executed once a request to the respective NagVis component is made.
The underlying reason for this issue was that user data entered in Wato
was not properly sanitized when writing to the PHP file.
We thank Stefan Schiller (SonarSource) for reporting this issue.
Affected Versions: All currently supported versions are affected:
1.6, 2.0, and 2.1.
Mitigations: As an immediate mitigation you can entirely disable
PHP on your server. Note that NagVis will not work anymore without PHP.
Indicators of Compromise: Malicious code is injected in either of
the files <tt>var/check_mk/wato/auth/auth.php</tt> or
<tt>var/check_mk/wato/php-api/hosttags.php</tt>. Check these files for
suspicious code.
Vulnerability Management: We have rated the issue with a CVSS
Score of 9.1 (Critical) with the following CVSS vector:
<tt>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L</tt>. A CVE has been
requested.
Changes: This Werk fixes the vulnerability by improving
sanitization.
CMK-11206
Change-Id: I54e0dc8ed44df4cbb4d873de2bab9b91f391368c
Commit: a08326084023c15b98f1c40181013ef7b4a3d1b9
https://github.com/tribe29/checkmk/commit/a08326084023c15b98f1c40181013ef7b…
Author: Andreas Umbreit <andreas.umbreit(a)tribe29.com>
Date: 2022-08-29 (Mon, 29 Aug 2022)
Changed paths:
A .werks/14732
Log Message:
-----------
14732 FIX cmk-update-agent: Retry locking
The agent updater is designed to have no more than one instance running
at a time on a host. This is implemented by holding a file lock while running.
We recently observed that a lock may sometimes fail briefly after it was
released by a previous agent updater instance, possibly due to some antivirus
software.
To mitigate this situation, the locking is now retried 10 times before aborting
the agent updater call.
Change-Id: Ib7952650460b73b4f6317a2b18fa5ecd3580f08d
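As an added example (not the cmk-update-agent code, whose lock implementation and retry delay this page does not show), the following Python sketches the retried non-blocking file lock the Werk describes: a second instance retries a fixed number of times and then aborts, and succeeds once the first instance has released the lock. The function names, the delay between attempts and the temporary lock file path are assumptions.

```python
import errno
import fcntl
import os
import tempfile
import time

LOCK_RETRIES = 10  # retry count named in the Werk; the delay below is assumed


def acquire_lock_with_retry(lock_path, retries=LOCK_RETRIES, delay=0.2):
    """Return an open file object holding an exclusive flock on lock_path.

    A non-blocking flock is attempted once and then retried `retries` more
    times with `delay` seconds in between. Only "lock held by someone else"
    errors trigger a retry; any other OSError is raised immediately.
    """
    handle = open(lock_path, "a")
    for attempt in range(retries + 1):
        try:
            fcntl.flock(handle, fcntl.LOCK_EX | fcntl.LOCK_NB)
            return handle
        except OSError as exc:
            if exc.errno not in (errno.EAGAIN, errno.EWOULDBLOCK, errno.EACCES):
                handle.close()
                raise
            if attempt == retries:
                handle.close()
                raise RuntimeError(
                    f"lock {lock_path} still busy after {retries} retries"
                ) from exc
            time.sleep(delay)
    raise AssertionError("unreachable")


def release_lock(handle):
    """Drop the flock and close the descriptor that carried it."""
    fcntl.flock(handle, fcntl.LOCK_UN)
    handle.close()


def demo_lock_contention():
    """Constructed scenario on a temporary lock file.

    Returns (first_acquired, second_gave_up, third_acquired): the second
    attempt exhausts its retries while the first holder is alive, the third
    succeeds after the first holder released the lock.
    """
    fd, path = tempfile.mkstemp(prefix="cmk-update-agent-demo-")
    os.close(fd)
    try:
        first = acquire_lock_with_retry(path)
        second_gave_up = False
        try:
            acquire_lock_with_retry(path, retries=3, delay=0.01)
        except RuntimeError:
            second_gave_up = True
        release_lock(first)
        third = acquire_lock_with_retry(path, retries=3, delay=0.01)
        release_lock(third)
        return (first is not None, second_gave_up, third is not None)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo_lock_contention())
```

Bounding the retries keeps the original single-instance guarantee: a lock that stays busy beyond the window still aborts the run instead of letting two updaters proceed.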
Commit: 2480848f9bcf00b7dee952336b938f83d5e4ee1f
https://github.com/tribe29/checkmk/commit/2480848f9bcf00b7dee952336b938f83d…
Author: Kenneth Okoh <kenneth.okoh(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M web/htdocs/themes/facelift/scss/_mega_menu.scss
Log Message:
-----------
Mega menu: Fix 'show more' for single-column menu
When the 'Monitor' or 'Setup' menu was displayed as a single column
(monitors of great height), the 'show more' button was rendered outside
of the menu.
Change-Id: I094755d64e0375bfee7713b03ad20011aa9365e6
Commit: 1a41c1795b9c97c2b212233411a40fd252c12ea3
https://github.com/tribe29/checkmk/commit/1a41c1795b9c97c2b212233411a40fd25…
Author: Lars Michelsen <lm(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14291
A omd/packages/nagvis/nagvis-1.9.34.tar.gz
M omd/packages/nagvis/nagvis.make
Log Message:
-----------
14291 SEC NagVis: Updated to 1.9.34 (Fix security issues)
This update of NagVis fixes the following security issues:
1. Fix SSRF (triggerable by admin users)
An administrative user with access to the global options could perform a
server-side request forgery.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:L (8.2)
2. Fix arbitrary file read
An authenticated attacker can read arbitrary files with the permissions of the
web server user.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L (9.1)
3. Fix type juggling vulnerability in cookie hash processing
An attacker could bypass the authentication and gain access to the NagVis
component of checkmk.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N (3.7)
Change-Id: I014996ba270dc1fc0ef7829ee85f8f716aa9cd03
Commit: 62e8f8562273e170c153396f29e76426052d88b9
https://github.com/tribe29/checkmk/commit/62e8f8562273e170c153396f29e764260…
Author: Checkmk release system <feedback(a)checkmk.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
M agents/check_mk_agent.aix
M agents/check_mk_agent.freebsd
M agents/check_mk_agent.hpux
M agents/check_mk_agent.linux
M agents/check_mk_agent.macosx
M agents/check_mk_agent.netbsd
M agents/check_mk_agent.openbsd
M agents/check_mk_agent.openvms
M agents/check_mk_agent.openwrt
M agents/check_mk_agent.solaris
M agents/plugins/apache_status.py
M agents/plugins/asmcmd.sh
M agents/plugins/db2_mem
M agents/plugins/dnsclient
M agents/plugins/hpux_lunstats
M agents/plugins/hpux_statgrab
M agents/plugins/ibm_mq
M agents/plugins/isc_dhcpd.py
M agents/plugins/jar_signature
M agents/plugins/kaspersky_av
M agents/plugins/lnx_quota
M agents/plugins/lvm
M agents/plugins/mailman_lists
M agents/plugins/mk_apt
M agents/plugins/mk_ceph
M agents/plugins/mk_cups_queues
M agents/plugins/mk_db2.aix
M agents/plugins/mk_db2.linux
M agents/plugins/mk_docker.py
M agents/plugins/mk_errpt.aix
M agents/plugins/mk_filehandler
M agents/plugins/mk_filestats.py
M agents/plugins/mk_haproxy.freebsd
M agents/plugins/mk_informix
M agents/plugins/mk_inotify.py
M agents/plugins/mk_inventory.aix
M agents/plugins/mk_inventory.linux
M agents/plugins/mk_inventory.solaris
M agents/plugins/mk_iptables
M agents/plugins/mk_jolokia.py
M agents/plugins/mk_logins
M agents/plugins/mk_logwatch.py
M agents/plugins/mk_mongodb.py
M agents/plugins/mk_mysql
M agents/plugins/mk_nfsiostat
M agents/plugins/mk_omreport
M agents/plugins/mk_oracle
M agents/plugins/mk_oracle_crs
M agents/plugins/mk_postgres.py
M agents/plugins/mk_redis
M agents/plugins/mk_sap.aix
M agents/plugins/mk_sap.py
M agents/plugins/mk_sap_hana
M agents/plugins/mk_saprouter
M agents/plugins/mk_scaleio
M agents/plugins/mk_site_object_counts
M agents/plugins/mk_sshd_config
M agents/plugins/mk_suseconnect
M agents/plugins/mk_tinkerforge.py
M agents/plugins/mk_tsm
M agents/plugins/mk_zypper
M agents/plugins/mtr.py
M agents/plugins/netstat.aix
M agents/plugins/netstat.linux
M agents/plugins/netstat.solaris
M agents/plugins/nfsexports
M agents/plugins/nfsexports.solaris
M agents/plugins/nginx_status.py
M agents/plugins/plesk_backups.py
M agents/plugins/plesk_domains.py
M agents/plugins/runas
M agents/plugins/smart
M agents/plugins/symantec_av
M agents/plugins/unitrends_replication.py
M agents/plugins/vxvm
M agents/plugins/websphere_mq
M agents/windows/plugins/ad_replication.bat
M agents/windows/plugins/arcserve_backup.ps1
M agents/windows/plugins/citrix_farm.ps1
M agents/windows/plugins/citrix_licenses.vbs
M agents/windows/plugins/citrix_xenapp.ps1
M agents/windows/plugins/hyperv_vms.ps1
M agents/windows/plugins/hyperv_vms_guestinfos.ps1
M agents/windows/plugins/iis_app_pool_state.ps1
M agents/windows/plugins/kaspersky_av_client.vbs
M agents/windows/plugins/mcafee_av_client.bat
M agents/windows/plugins/megaraid.bat
M agents/windows/plugins/mk_dhcp_enabled.bat
M agents/windows/plugins/mk_inventory.vbs
M agents/windows/plugins/mk_msoffice.ps1
M agents/windows/plugins/mk_mysql.vbs
M agents/windows/plugins/mk_oracle.ps1
M agents/windows/plugins/msexch_dag.ps1
M agents/windows/plugins/msexch_database.ps1
M agents/windows/plugins/mssql.vbs
M agents/windows/plugins/netstat_an.bat
M agents/windows/plugins/rds_licenses.vbs
M agents/windows/plugins/rstcli.bat
M agents/windows/plugins/sansymphony.ps1
M agents/windows/plugins/storcli.bat
M agents/windows/plugins/tsm_checks.bat
M agents/windows/plugins/veeam_backup_status.ps1
M agents/windows/plugins/win_dhcp_pools.bat
M agents/windows/plugins/win_dmidecode.bat
M agents/windows/plugins/win_license.bat
M agents/windows/plugins/win_printers.ps1
M agents/windows/plugins/windows_broadcom_bonding.bat
M agents/windows/plugins/windows_if.ps1
M agents/windows/plugins/windows_intel_bonding.bat
M agents/windows/plugins/windows_multipath.vbs
M agents/windows/plugins/windows_os_bonding.ps1
M agents/windows/plugins/windows_tasks.ps1
M agents/windows/plugins/windows_updates.vbs
M agents/windows/plugins/wmic_if.bat
M agents/wnx/src/common/wnx_version.h
M bin/livedump
M bin/mkbackup
M bin/mkbench
M cmk/utils/version.py
M configure.ac
M defines.make
M docker/Dockerfile
Log Message:
-----------
Set version to 2.0.0p29
Commit: 1e5a7a16ffbc5d2b70961c1901be13e4b1b614db
https://github.com/tribe29/checkmk/commit/1e5a7a16ffbc5d2b70961c1901be13e4b…
Author: Ronny Bruska <ronny.bruska(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14745
M cmk/gui/plugins/metrics/graph_images.py
M cmk/notification_plugins/mail.py
Log Message:
-----------
14745 FIX Fix "Data: b''" in notification result of event console bulk notifications
SUP-11297
Change-Id: I14405d868ab0e565b2767aa6e7f0462c22457f14
Commit: 5606798eb438a8075df40944470db03067da6bce
https://github.com/tribe29/checkmk/commit/5606798eb438a8075df40944470db0306…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A tests/unit/checks/test_apc_mod_pdu_modules.py
Log Message:
-----------
apc_mod_pdu_modules: unit tests
SUP-11401
Change-Id: I7e051a709947665fe613f62241d653653b09c907
Commit: 67165f12877c8e9af39c14c0c944f34e0d91e841
https://github.com/tribe29/checkmk/commit/67165f12877c8e9af39c14c0c944f34e0…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14764
M checks/apc_mod_pdu_modules
M tests/unit/checks/test_apc_mod_pdu_modules.py
Log Message:
-----------
14764 FIX apc_mod_pdu_modules: total power measurement displayed at wrong scale
SUP-11401
Change-Id: Idac32ec0c725f25778296bc33820a1767b74f03d
Commit: 6b92ee905f0b47eaf997f3dc54fc447b926266ac
https://github.com/tribe29/checkmk/commit/6b92ee905f0b47eaf997f3dc54fc447b9…
Author: Lisa Pichler <lisa.pichler(a)tribe29.com>
Date: 2022-08-30 (Tue, 30 Aug 2022)
Changed paths:
A .werks/14761
M agents/plugins/mk_sap_hana
Log Message:
-----------
14761 FIX SAP Hana fileinfo: negative file age causes crash
SUP-11334
Change-Id: Ifc8536b3f6f4580e476509cc9a6f1ab6d74fdf5e
Compare:
https://github.com/tribe29/checkmk/compare/e32d55125f76...6b92ee905f0b