UbuntuUpdates.org

Package "check-mk-livestatus"

Name: check-mk-livestatus

Description:

general purpose monitoring plugin for retrieving data

Latest version: 1.2.8p16-1ubuntu0.2
Release: bionic (18.04)
Level: security
Repository: universe
Head package: check-mk

Links


Download "check-mk-livestatus"


Other versions of "check-mk-livestatus" in Bionic

Repository Area Version
base universe 1.2.8p16-1ubuntu0.1
updates universe 1.2.8p16-1ubuntu0.2

Changelog

Version: 1.2.8p16-1ubuntu0.2 2022-07-20 07:07:09 UTC

  check-mk (1.2.8p16-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: fix race condition vulnerability
    - debian/patches/04_CVE-2017-14955.dpatch: fix race condition in userdb.py
    - CVE-2017-14955
  * SECURITY UPDATE: fix XSS vulnerability
    - debian/patches/05_CVE-2017-9781.dpatch: fix xss in index.py
    - debian/patches/06_CVE-2021-36563.dpatch: fix xss in valuespec.py
    - debian/patches/07_CVE-2021-40906.dpatch: fix xss in metrics.py
    - debian/patches/08_CVE-2022-24565.dpatch: fix xss in valuespec.py
    - CVE-2017-9781
    - CVE-2021-36563
    - CVE-2021-40906
    - CVE-2022-24565

 -- Nishit Majithia <email address hidden> Tue, 19 Jul 2022 19:26:18 +0530

CVE-2017-14955 Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to
CVE-2017-9781 A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject
CVE-2021-36563 The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an at
CVE-2021-40906 CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. Thi
CVE-2022-24565 Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias o



About   -   Send Feedback to @ubuntu_updates