UbuntuUpdates.org

Package "check-mk"

Name: check-mk

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • general purpose monitoring plugin for retrieving data
  • general purpose monitoring plugin for retrieving data
  • general purpose monitoring plugin for retrieving data
  • general purpose monitoring plugin for retrieving data (documentation)

Latest version: 1.2.8p16-1ubuntu0.2
Release: bionic (18.04)
Level: updates
Repository: universe

Other versions of "check-mk" in Bionic

Repository  Area      Version
base        universe  1.2.8p16-1ubuntu0.1
security    universe  1.2.8p16-1ubuntu0.2

Changelog

Version: 1.2.8p16-1ubuntu0.2 2022-07-20 08:06:16 UTC

  check-mk (1.2.8p16-1ubuntu0.2) bionic-security; urgency=medium

  * SECURITY UPDATE: fix race condition vulnerability
    - debian/patches/04_CVE-2017-14955.dpatch: fix race condition in userdb.py
    - CVE-2017-14955
  * SECURITY UPDATE: fix XSS vulnerability
    - debian/patches/05_CVE-2017-9781.dpatch: fix xss in index.py
    - debian/patches/06_CVE-2021-36563.dpatch: fix xss in valuespec.py
    - debian/patches/07_CVE-2021-40906.dpatch: fix xss in metrics.py
    - debian/patches/08_CVE-2022-24565.dpatch: fix xss in valuespec.py
    - CVE-2017-9781
    - CVE-2021-36563
    - CVE-2021-40906
    - CVE-2022-24565

 -- Nishit Majithia <email address hidden> Tue, 19 Jul 2022 19:26:18 +0530

CVE-2017-14955 Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to
CVE-2017-9781 A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject
CVE-2021-36563 The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an at
CVE-2021-40906 CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. Thi
CVE-2022-24565 Checkmk <=2.0.0p19 Fixed in 2.0.0p20 and Checkmk <=1.6.0p27 Fixed in 1.6.0p28 are affected by a Cross Site Scripting (XSS) vulnerability. The Alias o


