USN-5527-1 fixed vulnerabilities in Checkmk. This update provides the corresponding update for Ubuntu 16.04 ESM.
Original advisory details:
It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. (CVE-2017-14955)
It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary html or javascript code to obtain sensitive information including user information, session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563, CVE-2021-40906, CVE-2022-24565)
{ "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro", "binaries": [ { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-agent" }, { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-agent-logwatch" }, { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-config-icinga" }, { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-config-nagios3" }, { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-doc" }, { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-livestatus" }, { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-livestatus-dbgsym" }, { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-multisite" }, { "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1", "binary_name": "check-mk-server" } ] }