[//]: # (werk v2)
# disk_smb: Allow macros in 'NetBIOS name of the server' field
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-05-28T11:21:20+00:00
level | 1
class | fix
component | checks
edition | cre
With the rework of disk_smb active check in version 2.1.0, using macros in
'NetBIOS name of the server' was disallowed. Now, the macros are enabled
for this field again.
[//]: # (werk v2)
# Restrict check_sftp local paths
key | value
---------- | ---
date | 2024-05-16T09:48:20+00:00
version | 2.4.0b1
class | security
edition | cre
component | checks
level | 1
compatible | no
Prior to this Werk, `check_sftp` did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure `check_sftp` to read or write files within the Checkmk site home.
The local paths are now restricted to the folder `var/check_mk/active_checks/check_sftp` within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and assigned CVE `CVE-2024-28826`.
ID: 16856
Title: disk_smb: Allow macros in 'NetBIOS name of the server' field
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0p44
With the rework of disk_smb active check in version 2.1.0, using macros in
'NetBIOS name of the server' was disallowed. Now, the macros are enabled
for this field again.
ID: 14217
Title: No longer sporadically report stale services which are based on piggyback data
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0p44
If the check interval of a host was greater than 1 minute, any of its reported piggyback data
was at risk of being ignored by the target host because of being too old.
ID: 15200
Title: Restrict check_sftp local paths
Component: Checks & agents
Level: 1
Class: Security fix
Version: 2.2.0p27
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
Werk 14233 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: HW/SW inventory: syncing inventory data from remote to central site did not work
Class: fix
Compatible: compat
Component: inv
Date: 1716885224
Edition: cre
Level: 1
Version: 2.2.0p27
HW/SW data synchronisation between a remote and a central site was interrupted after a new host was introduced at the remote site.
------------------------------------<diff>-------------------------------------------
- Title: HW/SW inventory: syncing inventory data from remote to central site did not working
? ---
+ Title: HW/SW inventory: syncing inventory data from remote to central site did not work
Class: fix
Compatible: compat
Component: inv
Date: 1716885224
Edition: cre
Level: 1
Version: 2.2.0p27
HW/SW data synchronisation between a remote and a central site was interrupted after a new host was introduced at the remote site.
Title: HW/SW inventory: syncing inventory data from remote to central site did not working
Class: fix
Compatible: compat
Component: inv
Date: 1716885224
Edition: cre
Level: 1
Version: 2.2.0p27
HW/SW data synchronisation between a remote and a central site was interrupted after a new host was introduced at the remote site.
Title: omd cp: Fix RuntimeError: Failed to determine site version
Class: fix
Compatible: compat
Component: omd
Date: 1716877362
Edition: cre
Level: 1
Version: 2.2.0p27
This problem affects users of the Checkmk Raw Edition.
Previously, the command <tt>sudo omd mv cmk1 cmk2</tt> would result in the following traceback.
C+:
File "/omd/versions/2.2.0p26.cre/lib/python3/omdlib/contexts.py", line 155, in replacements
raise RuntimeError("Failed to determine site version")
RuntimeError: Failed to determine site version
C-:
With this Werk, the error is fixed.