[//]: # (werk v2)
# Agent Updater: Better detection of underlying platform
key | value
---------- | ---
date | 2024-02-21T10:36:36+00:00
version | 2.3.0b1
class | fix
edition | cee
component | agents
level | 1
compatible | yes
Previously, the agent updater used to detect the underlying platform,
in terms of the combination of OS and package manager (e.g., Linux + RPM),
automatically by scanning for certrain directories.
As multiple package managers may be available on one system, this sometimes
lead to unexpected behavior on agent updates when the update mechanism decided
to switch to a different platform.
Now, the platform will be specified by a file that comes with the agent installation,
and the agent updater will rely on this static information instead of the dynamic detection.
[//]: # (werk v2)
# disk_smb: Allow macros in 'NetBIOS name of the server' field
key | value
---------- | ---
compatible | yes
version | 2.4.0b1
date | 2024-05-28T11:21:20+00:00
level | 1
class | fix
component | checks
edition | cre
With the rework of disk_smb active check in version 2.1.0, using macros in
'NetBIOS name of the server' was disallowed. Now, the macros are enabled
for this field again.
[//]: # (werk v2)
# Restrict check_sftp local paths
key | value
---------- | ---
date | 2024-05-16T09:48:20+00:00
version | 2.4.0b1
class | security
edition | cre
component | checks
level | 1
compatible | no
Prior to this Werk, `check_sftp` did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure `check_sftp` to read or write files within the Checkmk site home.
The local paths are now restricted to the folder `var/check_mk/active_checks/check_sftp` within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
*Affected Versions*:
* 2.3.0
* 2.2.0
* 2.1.0
* 2.0.0 (EOL)
*Vulnerability Management*:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H` and assigned CVE `CVE-2024-28826`.
ID: 16856
Title: disk_smb: Allow macros in 'NetBIOS name of the server' field
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0p44
With the rework of disk_smb active check in version 2.1.0, using macros in
'NetBIOS name of the server' was disallowed. Now, the macros are enabled
for this field again.
ID: 14217
Title: No longer sporadically report stale services which are based on piggyback data
Component: Checks & agents
Level: 1
Class: Bug fix
Version: 2.1.0p44
If the check interval of a host was greater than 1 minute, any of its reported piggyback data
was at risk of being ignored by the target host because of being too old.
ID: 15200
Title: Restrict check_sftp local paths
Component: Checks & agents
Level: 1
Class: Security fix
Version: 2.2.0p27
Prior to this Werk, <code>check_sftp</code> did not restrict the local paths that for files to be uploaded and downloaded.
This allowed users with the permissions to configure <code>check_sftp</code> to read or write files within the Checkmk site home.
The local paths are now restricted to the folder <code>var/check_mk/active_checks/check_sftp</code> within the Checkmk site home.
As a consequence, the local paths in existing configurations will now be interpreted as relative to that folder.
Since a test file is created if the local file to upload doesn't exist, the check will continue to work, but it will not pick up files from the old location.
Similarly, the downloaded files will be stored in a new location.
This issue was found during internal review.
<em>Affected Versions</em>:
LI: 2.3.0
LI: 2.2.0
LI: 2.1.0
LI: 2.0.0 (EOL)
<em>Vulnerability Management</em>:
We have rated the issue with a CVSS Score of 8.8 High with the following CVSS vector: <code>CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H</code> and assigned CVE <code>CVE-2024-28826</code>.
Werk 14233 was adapted. The following is the new Werk, a diff is shown at the end of the message.
Title: HW/SW inventory: syncing inventory data from remote to central site did not work
Class: fix
Compatible: compat
Component: inv
Date: 1716885224
Edition: cre
Level: 1
Version: 2.2.0p27
HW/SW data synchronisation between a remote and a central site was interrupted after a new host was introduced at the remote site.
------------------------------------<diff>-------------------------------------------
- Title: HW/SW inventory: syncing inventory data from remote to central site did not working
? ---
+ Title: HW/SW inventory: syncing inventory data from remote to central site did not work
Class: fix
Compatible: compat
Component: inv
Date: 1716885224
Edition: cre
Level: 1
Version: 2.2.0p27
HW/SW data synchronisation between a remote and a central site was interrupted after a new host was introduced at the remote site.
Title: HW/SW inventory: syncing inventory data from remote to central site did not working
Class: fix
Compatible: compat
Component: inv
Date: 1716885224
Edition: cre
Level: 1
Version: 2.2.0p27
HW/SW data synchronisation between a remote and a central site was interrupted after a new host was introduced at the remote site.