Security vulnerabilities in the check-mk software package

——————————————————————————–
Fedora Update Notification
FEDORA-2014-11082
2014-09-19 09:07:06
——————————————————————————–

Name : check-mk
Product : Fedora 19
Version : 1.2.4p5
Release : 1.fc19
URL : http://mathias-kettner.de/check_mk
Summary : A new general purpose Nagios-plugin for retrieving data
Description :
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a
new approach for collecting data from operating systems and network components.
It obsoletes NRPE, check_by_ssh, NSClient, and check_snmp and it has many
benefits, the most important are a significant reduction of CPU usage on
the Nagios host and an automatic inventory of items to be checked on hosts.

——————————————————————————–
Update Information:

New upstream release providing many security fixes.
——————————————————————————–
ChangeLog:

* Wed Sep 17 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4p5-1
– New upstream release. Fixes CVEs:
  – CVE-2014-5338
  – CVE-2014-5339
  – CVE-2014-5340 (BZ: #1132337, #1132339, #1132341)
– Stop shipping the j4p_performance plugin as it’s deprecated. (BZ: #1133068)
– Turn Wato_Legacy_Eval as True as we want to prevent breakages
  between machines running different Python and/or check-mk releases.
  This is necessary after the ‘ast’ move from ‘pickle’ (that was
  generating an insecure API call), however the ‘ast’ module is still
  not available for RHEL / CentOS 5 machines. The patch is there to
  avoid miscommunications between different distribution releases. More
  information is available at:
  http://mathias-kettner.com/check_mk_werks.php?werk_id=984.
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.2.4p2-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.2.4p2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 27 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4p2-2
– Install the mk-job binary on /usr/bin.
– Make sure the proper permissions are given to /var/lib/check_mk_agent/job
  to prevent any hard or symlink to be created by a normal user and pointing
  to any file on the filesystem exposing it on the check-mk-agent output being
  run as root. Fixes BZ #1101669.
* Mon Apr 14 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4p2-1
– New upstream release.
* Wed Apr 2 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4p1-1
– New upstream release. Fixes the missing two CVEs that were still
  left unfixed on 1.2.4:
  – CVE-2014-2330
  – CVE-2014-2331
* Tue Mar 25 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4-1
– New upstream release. Fixes the following CVEs:
  – CVE-2014-2329
  – CVE-2014-2332
* Wed Oct 2 2013 Andrea Veri <averi@fedoraproject.org> – 1.2.2p2-2
– Make sure an /etc/check_mk/conf.d/wato directory is created for WATO
  to work properly. (BZ: #987863)
– Improve the packages description.
* Sat Aug 31 2013 Andrea Veri <averi@fedoraproject.org> – 1.2.2p2-1
– New upstream release.
* Thu Aug 29 2013 Andrea Veri <averi@fedoraproject.org> – 1.2.2-6
– Make sure the waitmax binary gets built. Also thanks to John Reddy
  for his initial work on this. (BZ: #982769)
– Add an if statement for RHEL and make sure auto provides are not set
  automatically. (BZ #985285)
– Requires set to mod_python on RHEL, no mod_wsgi migration yet on EPEL. (BZ: #987852)
– Fix the perl command that was doing the needed substitution on the
  /usr/bin/check_mk_agent’s configuration directories. Thanks Brainslug for the
  report. (BZ: #989793)
– In addition to a customized ‘defaults’ file, add a defaults.py accordingly. (BZ: #987859)
* Fri Aug 2 2013 Petr Pisar <ppisar@redhat.com> – 1.2.2-5
– Do not provide from a documentation
* Sun Apr 28 2013 Andrea Veri <averi@fedoraproject.org> 1.2.2-5
– Make sure the Nagios library path on the check_mk_templates.cfg file
  is correct on both x86_64 and i686 systems.
* Sat Apr 27 2013 Andrea Veri <averi@fedoraproject.org> 1.2.2-4
– Change check-mk-agent’s binary name to check_mk_agent to match xinetd’s file. (BZ: #956489)
– Remove other operating systems agents, we definitely don’t need them on this package.
– Make sure that check_mk_templates gets shipped into /etc/nagios/conf.d. (BZ: #956492)
– Don’t ship the auto-generated defaults file, but provide it with our customizations. This actually
  fixes BZ: #956496 since we modify the checkresults path to be the same as the one provided
  by Nagios itself, thus no need to create an additional directory.
——————————————————————————–
References:

[ 1 ] Bug #1132337 – CVE-2014-5338 CVE-2014-5339 CVE-2014-5340 check-mk: multiple flaws fixed in versions 1.2.4p4 and 1.2.5i4
https://bugzilla.redhat.com/show_bug.cgi?id=1132337
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update check-mk' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

——————————————————————————–
Fedora Update Notification
FEDORA-2014-10972
2014-09-19 09:02:19
——————————————————————————–

Name : check-mk
Product : Fedora 20
Version : 1.2.4p5
Release : 1.fc20
URL : http://mathias-kettner.de/check_mk
Summary : A new general purpose Nagios-plugin for retrieving data
Description :
check-mk is a general purpose Nagios-plugin for retrieving data. It adopts a
new approach for collecting data from operating systems and network components.
It obsoletes NRPE, check_by_ssh, NSClient, and check_snmp and it has many
benefits, the most important are a significant reduction of CPU usage on
the Nagios host and an automatic inventory of items to be checked on hosts.

——————————————————————————–
Update Information:

New upstream release providing many security fixes.
——————————————————————————–
ChangeLog:

* Wed Sep 17 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4p5-1
– New upstream release. Fixes CVEs:
  – CVE-2014-5338
  – CVE-2014-5339
  – CVE-2014-5340 (BZ: #1132337, #1132339, #1132341)
– Stop shipping the j4p_performance plugin as it’s deprecated. (BZ: #1133068)
– Turn Wato_Legacy_Eval as True as we want to prevent breakages
  between machines running different Python and/or check-mk releases.
  This is necessary after the ‘ast’ move from ‘pickle’ (that was
  generating an insecure API call), however the ‘ast’ module is still
  not available for RHEL / CentOS 5 machines. The patch is there to
  avoid miscommunications between different distribution releases. More
  information is available at:
  http://mathias-kettner.com/check_mk_werks.php?werk_id=984.
* Sat Aug 16 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.2.4p2-4
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Sat Jun 7 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> – 1.2.4p2-3
– Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue May 27 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4p2-2
– Install the mk-job binary on /usr/bin.
– Make sure the proper permissions are given to /var/lib/check_mk_agent/job
  to prevent any hard or symlink to be created by a normal user and pointing
  to any file on the filesystem exposing it on the check-mk-agent output being
  run as root. Fixes BZ #1101669.
* Mon Apr 14 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4p2-1
– New upstream release.
* Wed Apr 2 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4p1-1
– New upstream release. Fixes the missing two CVEs that were still
  left unfixed on 1.2.4:
  – CVE-2014-2330
  – CVE-2014-2331
* Tue Mar 25 2014 Andrea Veri <averi@fedoraproject.org> – 1.2.4-1
– New upstream release. Fixes the following CVEs:
  – CVE-2014-2329
  – CVE-2014-2332
——————————————————————————–
References:

[ 1 ] Bug #1132337 – CVE-2014-5338 CVE-2014-5339 CVE-2014-5340 check-mk: multiple flaws fixed in versions 1.2.4p4 and 1.2.5i4
https://bugzilla.redhat.com/show_bug.cgi?id=1132337
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update check-mk' at the command line.
For more information, refer to “Managing Software with yum”,
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce
