USN-5527-1: Checkmk vulnerabilities
20 July 2022
Several security issues were fixed in Checkmk.
Releases
Packages
- check-mk - general purpose monitoring plugin for retrieving data
Details
It was discovered that Checkmk incorrectly handled authentication. An attacker
could possibly use this issue to cause a race condition leading to information
disclosure. (CVE-2017-14955)
It was discovered that Checkmk incorrectly handled certain inputs. An attacker
could use these cross-site scripting issues to inject arbitrary html or
javascript code to obtain sensitive information including user information,
session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563,
CVE-2021-40906, CVE-2022-24565)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.04
-
check-mk-multisite
-
1.2.8p16-1ubuntu0.2
-
check-mk-server
-
1.2.8p16-1ubuntu0.2
-
check-mk-livestatus
-
1.2.8p16-1ubuntu0.2
In general, a standard system update will make all the necessary changes.
Related notices
- USN-5527-2: check-mk-doc, check-mk-livestatus, check-mk-agent, check-mk-config-icinga, check-mk-server, check-mk-multisite, check-mk-config-nagios3, check-mk, check-mk-agent-logwatch