Checkmk werks level1 October 2018

checkmk-werks-lvl1@lists.checkmk.com

14 participants
88 discussions

Check_MK Werk 6843: Increased size of "state of a service" BI rule input field

by Lars Michelsen

ID: 6843 Title: Increased size of "state of a service" BI rule input field Component: WATO Level: 1 Class: Bug fix Version: 1.6.0i1

5 years, 10 months

Check_MK Werk 6808: agent_vsphere: Fixed retrieving system information

by Simon Betz

ID: 6808 Title: agent_vsphere: Fixed retrieving system information Component: Checks & agents Level: 1 Class: Bug fix Version: 1.6.0i1

5 years, 10 months

Check_MK Werk 6806: Management boards: Fixed execution of inventory plugins

by Simon Betz

ID: 6806 Title: Management boards: Fixed execution of inventory plugins Component: HW/SW Inventory Level: 1 Class: Bug fix Version: 1.5.0p7

5 years, 10 months

Check_MK Werk 6842: Fixed dashlet top offset in classic theme

by Lars Michelsen

ID: 6842 Title: Fixed dashlet top offset in classic theme Component: Multisite Level: 1 Class: Bug fix Version: 1.6.0i1 CMK-1147

5 years, 10 months

Check_MK Werk 6841: Fixed missing hostname in graph collection graph titles

by Lars Michelsen

ID: 6841 Title: Fixed missing hostname in graph collection graph titles Component: metrics Level: 1 Class: Bug fix Version: 1.6.0i1

5 years, 10 months

Check_MK Werk 6505: Avoid CMC crash during event helper restarts.

by Sven Panne

ID: 6505 Title: Avoid CMC crash during event helper restarts. Component: Core & setup Level: 1 Class: Bug fix Version: 1.6.0i1 When an event helper (for notifications/alerts) should be restarted, the Check_MK Micro Core could go into an infinite recursion, ultimately leading to a crash of the CMC itself. This has been fixed. CMK-1117

5 years, 10 months

Check_MK Werk 6787: Notification spooler: Fixed file path traversal vulnerability

by Lars Michelsen

ID: 6787 Title: Notification spooler: Fixed file path traversal vulnerability Component: Notifications Level: 2 Class: Security fix Version: 1.6.0i1 The notification daemon of one site connects to the notification daemon of another site to exchange notifications between both sites. The notification daemon was not validating the incoming data correctly which made it possible for an attacker that has access to the notification sending site to compromise the receiving site. Using this vulnerability it was possible to write write files in directories that are writable by the receiving site user. This could be used to gain access to the site.

5 years, 10 months

Check_MK Werk 6786: Livestatus proxy: Fixed file path traversal vulnerability

by Lars Michelsen

ID: 6786 Title: Livestatus proxy: Fixed file path traversal vulnerability Component: Livestatus Proxy Level: 2 Class: Security fix Version: 1.6.0i1 The livestatus proxy connects to the livestatus server of remote sites. One task is to fetch the inventory data of the remote site and replicate it to the master site to make client accesses faster. The livestatus proxy was not validating the incoming data correctly which made it possible for an attacker that has access to the remote sites to compromise the site the livestatus proxy daemon is running in. Using this vulnerability it was possible to write write files in directories that are writable by the liveproxy site user. This could be used to gain access to the liveproxy site.

5 years, 10 months

Check_MK Werk 6788: Notification spooler: Fixed deserialization of arbitrary input

by Lars Michelsen

ID: 6788 Title: Notification spooler: Fixed deserialization of arbitrary input Component: Notifications Level: 2 Class: Security fix Version: 1.6.0i1 The notification daemon of one site connects to the notification daemon of another site to exchange notifications between both sites. The messages that are sent between the notification daemons were encoded in an insecure format which allowed code injections between the communication partners. This means it was possible to inject code from one notification spooler to another. We have now changed the message format to a secure alternative which prevents code injections. To be able to perform this transition without loosing notifications and preventing subtile incompatibilities we decided to keep the new format disabled by default for all sites created with Check_MK 1.4 and 1.5. This means your installation will still be affected by this issue by default after updating. However, once you have updated all your sites to at least 1.4.0p37 in case of the 1.4.0 branch or or at least 1.5.0p7 in case of the 1.5.0 branch you can change the main configuration option "Notification Spooler insecure messages" to "off" and activate the new configuration. Once you have done this all notification spoolers will use the new secure message format. Please note that the 1.6 notification spoolers will always use the new message format and not be compatible to the old message format of the 1.5 notification spoolers anymore. If you plan to use 1.5 and 1.6 together during migration you will have to ensure that you use the new message format in your 1.5 sites.

5 years, 10 months

Check_MK Werk 5847: lnx_thermal: Fixed to only gather values of temp & type

by Óscar Nájera

ID: 5847 Title: lnx_thermal: Fixed to only gather values of temp & type Component: Checks & agents Level: 1 Class: Bug fix Version: 1.5.0p6 The Linux agent collected too many values when hysteresis data was available and the check crashed. This has been fixed now by fixing the required values.

5 years, 10 months

← Newer
1
2
3
4
5
6
7
8
9
Older →

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

Checkmk werks level1 October 2018