Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "check-mk-agent", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" }, { "binary_name": "check-mk-agent-logwatch", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" }, { "binary_name": "check-mk-config-icinga", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" }, { "binary_name": "check-mk-config-nagios3", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" }, { "binary_name": "check-mk-doc", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" }, { "binary_name": "check-mk-livestatus", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" }, { "binary_name": "check-mk-livestatus-dbgsym", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" }, { "binary_name": "check-mk-multisite", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" }, { "binary_name": "check-mk-server", "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_name": "check-mk-agent", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-agent-logwatch", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-config-icinga", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-doc", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-livestatus", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-livestatus-dbgsym", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-multisite", "binary_version": "1.2.8p16-1ubuntu0.2" }, { "binary_name": "check-mk-server", "binary_version": "1.2.8p16-1ubuntu0.2" } ] }