[//]: # (werk v2)
# hyperv_vms: Mapping of VM-to-monitoring state causes UNKNOWN services
key | value
---------- | ---
date | 2024-05-27T14:11:42+00:00
version | 2.4.0b1
class | fix
edition | cre
component | checks
level | 1
compatible | yes
This is a regression since Checkmk 2.3.0.
When configuring the rule _Microsoft Hyper-V Server VM state_ with option
_Translation of VM state to monitoring state: Direct mapping of VM state to monitoring state_,
the matching _VM_ services previously showed up with status _UNKNOWN_ for all VM states that were not
explicitly configured by the rule.
[//]: # (werk v2)
# Limit "Send out notification" on test to HTML and ASCII Email
key | value
---------- | ---
date | 2024-05-31T10:16:11+00:00
version | 2.4.0b1
class | fix
edition | cre
component | notifications
level | 1
compatible | yes
If you used the option "Send out notification according to notification rules
(uncheck to avoid spam)" in "Test configuration" for other notification methods
than "HTML Email" or "ASCII Email", the processed notification script could
crash with a Traceback.
This is caused by missing notification parameters that differ for each
notification method.
We now limit the mentioned option to HTML and ASCII Email, as originally
intended.
Testing all other notification methods is still possible, but you can only send
out HTML and ASCII notifications.
ID: 16827
Title: Fix checkmk errors appearing at the bottom of the page
Component: Setup
Level: 1
Class: Bug fix
Version: 2.2.0p27
A certain class of errors, including time out errors appeared at
the bottom of a page, making the error difficult to notice, especially
when viewing large tables. With this werk, these error messages
will appear on top of the page like all other errors.
ID: 16828
Title: netapp: Fix crash when setting state in snapshot reserve service rule
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.2.0p27
A problem in the NetApp Snapshot Reserve rule caused a crash
when setting the "State when no reserve is configured" option.
This werk fixes the bug such that the state can be defined
as expected.
Werk 15200 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.1.0p44
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
------------------------------------<diff>-------------------------------------------
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.1.0p44
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
+ If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
+
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
Werk 15200 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.2.0p27
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
------------------------------------<diff>-------------------------------------------
Title: Restrict check_sftp local paths
Class: security
Compatible: incomp
Component: checks
Date: 1715852900
Edition: cre
Level: 1
Version: 2.2.0p27
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
+ If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
+
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
Werk 15200 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# Restrict check_sftp local paths
key | value
---------- | ---
date | 2024-05-16T09:48:20+00:00
version | 2.3.0p4
class | security
edition | cre
component | checks
level | 1
compatible | no
Prior to this Werk, `check_sftp` did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure `check_sftp` to read or write files within the Checkmk site home.
The local paths are now restricted to the folder `var/check_mk/active_checks/check_sftp` within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and assigned CVE `CVE-2024-28826`.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# Restrict check_sftp local paths
key | value
---------- | ---
date | 2024-05-16T09:48:20+00:00
version | 2.3.0p4
class | security
edition | cre
component | checks
level | 1
compatible | no
Prior to this Werk, `check_sftp` did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure `check_sftp` to read or write files within the Checkmk site home.
The local paths are now restricted to the folder `var/check_mk/active_checks/check_sftp` within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
+ If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
+
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and assigned CVE `CVE-2024-28826`.
Werk 15200 was adapted. The following is the new Werk, a diff is shown at the end of the message.
[//]: # (werk v2)
# Restrict check_sftp local paths
key | value
---------- | ---
date | 2024-05-16T09:48:20+00:00
version | 2.4.0b1
class | security
edition | cre
component | checks
level | 1
compatible | no
Prior to this Werk, `check_sftp` did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure `check_sftp` to read or write files within the Checkmk site home.
The local paths are now restricted to the folder `var/check_mk/active_checks/check_sftp` within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and assigned CVE `CVE-2024-28826`.
------------------------------------<diff>-------------------------------------------
[//]: # (werk v2)
# Restrict check_sftp local paths
key | value
---------- | ---
date | 2024-05-16T09:48:20+00:00
version | 2.4.0b1
class | security
edition | cre
component | checks
level | 1
compatible | no
Prior to this Werk, `check_sftp` did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure `check_sftp` to read or write files within the Checkmk site home.
The local paths are now restricted to the folder `var/check_mk/active_checks/check_sftp` within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
+ If you want a hot-fix in existing versions and are not using `check_sftp`, you can remove the executable (`/omd/sites/[SITE_ID]/lib/nagios/plugins/check_sftp`) from your installation.
+
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and assigned CVE `CVE-2024-28826`.
[//]: # (werk v2)
# Re-enable bulk service discovery in empty folders
key | value
---------- | ---
date | 2024-05-30T10:51:31+00:00
version | 2.3.0p5
class | fix
edition | cre
component | multisite
level | 1
compatible | yes
The page menu entry "Hosts" > "In this folder" > "Run bulk service discovery" on folder setup pages was unclickable if there was no host given in the current folder, even if subfolders held hosts.
This bug is fixed to the former behavior, enabling the bulk service discovery whenever the current folder or any of its subfolders holds at least one host.