USN-5527-2

It was discovered that Checkmk incorrectly handled authentication. An attacker could possibly use this issue to cause a race condition leading to information disclosure. (CVE-2017-14955)

It was discovered that Checkmk incorrectly handled certain inputs. An attacker could use these cross-site scripting issues to inject arbitrary html or javascript code to obtain sensitive information including user information, session cookies and valid credentials. (CVE-2017-9781, CVE-2021-36563, CVE-2021-40906, CVE-2022-24565)

References

Affected packages

Ubuntu:Pro:16.04:LTS / check-mk

Package

Name: check-mk
Purl: pkg:deb/ubuntu/check-mk?arch=source&distro=esm-infra-legacy%2Fxenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.2.6p12-1ubuntu0.16.04.1+esm1

Affected versions

1.*

1.2.6p5-1

1.2.6p12-1

1.2.6p12-1ubuntu0.16.04.1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro with Legacy support add-on: https://ubuntu.com/pro",
    "binaries": [
        {
            "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1",
            "binary_name": "check-mk-config-icinga"
        },
        {
            "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1",
            "binary_name": "check-mk-config-nagios3"
        },
        {
            "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1",
            "binary_name": "check-mk-multisite"
        },
        {
            "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1",
            "binary_name": "check-mk-server"
        },
        {
            "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1",
            "binary_name": "check-mk-livestatus"
        },
        {
            "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1",
            "binary_name": "check-mk-agent-logwatch"
        },
        {
            "binary_version": "1.2.6p12-1ubuntu0.16.04.1+esm1",
            "binary_name": "check-mk-agent"
        }
    ]
}

Database specific

source

"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-5527-2.json"

cves_map

{
    "ecosystem": "Ubuntu:Pro:16.04:LTS",
    "cves": []
}