USN-5527-2: Checkmk vulnerabilities
20 July 2022
Several security issues were fixed in Checkmk.
Releases
Packages
- check-mk - general purpose nagios-plugin for retrieving data
Details
USN-5527-1 fixed vulnerabilities in Checkmk. This update provides the
corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Checkmk incorrectly handled authentication. An attacker
could possibly use this issue to cause a race condition leading to information
disclosure. (CVE-2017-14955)
It was discovered that Checkmk incorrectly handled certain inputs. An attacker
could use these cross-site scripting issues to inject arbitrary html or
javascript code to obtain sensitive information including user information,
session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563,
CVE-2021-40906, CVE-2022-24565)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 16.04
-
check-mk-multisite
-
1.2.6p12-1ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
-
check-mk-server
-
1.2.6p12-1ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
-
check-mk-livestatus
-
1.2.6p12-1ubuntu0.16.04.1+esm1
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5527-1: check-mk-livestatus, check-mk-doc, check-mk-server, check-mk-config-icinga, check-mk-agent, check-mk, check-mk-agent-logwatch, check-mk-multisite