Your submission was sent successfully! Close

You have successfully unsubscribed! Close

USN-5527-1: Checkmk vulnerabilities

20 July 2022

Several security issues were fixed in Checkmk.

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Releases

Packages

  • check-mk - general purpose monitoring plugin for retrieving data

Details

It was discovered that Checkmk incorrectly handled authentication. An attacker
could possibly use this issue to cause a race condition leading to information
disclosure. (CVE-2017-14955)

It was discovered that Checkmk incorrectly handled certain inputs. An attacker
could use these cross-site scripting issues to inject arbitrary html or
javascript code to obtain sensitive information including user information,
session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563,
CVE-2021-40906, CVE-2022-24565)

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Learn more about Ubuntu Pro

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 18.04

In general, a standard system update will make all the necessary changes.

Related notices

  • USN-5527-2: check-mk-livestatus, check-mk-config-icinga, check-mk, check-mk-doc, check-mk-agent, check-mk-agent-logwatch, check-mk-server, check-mk-config-nagios3, check-mk-multisite