Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in grafana
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in grafana
ID: SUSE-SU-2018:2536-1
Distribution: SUSE
Plattformen: SUSE OpenStack Cloud 7
Datum: Di, 28. August 2018, 17:11
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12099
Applikationen: grafana

Originalnachricht

   SUSE Security Update: Security update for grafana, kafka, logstash and
monasca-installer
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2536-1
Rating: moderate
References: #1086909 #1090192 #1090343 #1090849 #1094448
#1095603 #1096985 #1102920
Cross-References: CVE-2018-12099 CVE-2018-1288 CVE-2018-3817

Affected Products:
SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that solves three vulnerabilities and has 5 fixes
is now available.

Description:

This update for grafana, kafka, logstash and monasca-installer fixes the
following issues:

The following security issues have been fixed:

grafana:

- CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in
dashboard links. (bsc#1096985)

kafka:

- CVE-2018-1288: Authenticated Kafka users may perform action reserved for
the Broker via a manually created fetch request interfering with data
replication, resulting in data loss. (bsc#1102920)

logstash:

- CVE-2018-3817: Fix potential leak of sensitive data when logging
warnings about deprecated options. (bsc#1090849)

Additionally, the following non-security issues have been fixed:

monasca-installer:

- Add complete set of elasticsearch performance tunables.
- Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343)
- Fix bad elasticsearch-curator configuration. (bsc#1090192)
- Enable bootstrap.memory_lock for Elasticsearch. (bsc#1090343)

logstash:

- Declare Gemfile as config to prevent loss of installed plugins when
updating.
- Stop installing prebuilt jruby for non-x86.

kafka:

- Update to version 0.10.2.2 (bsc#1102920, CVE-2018-1288)
- Add noreplace directive for /etc/kafka/server.properties.
- Reduce package ownership of tmpfiles.d to bare minium. (SLE12 SP2)
- Set log rotation options. (bsc#1094448)
- Disable jmxremote debugging. (bsc#1095603)
- Increase open file limits. (bsc#1086909)


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:

zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1771=1



Package List:

- SUSE OpenStack Cloud 7 (x86_64):

grafana-4.5.1-1.8.1
kafka-0.10.2.2-5.1
logstash-2.4.1-5.1

- SUSE OpenStack Cloud 7 (noarch):

monasca-installer-20180608_12.47-9.1


References:

https://www.suse.com/security/cve/CVE-2018-12099.html
https://www.suse.com/security/cve/CVE-2018-1288.html
https://www.suse.com/security/cve/CVE-2018-3817.html
https://bugzilla.suse.com/1086909
https://bugzilla.suse.com/1090192
https://bugzilla.suse.com/1090343
https://bugzilla.suse.com/1090849
https://bugzilla.suse.com/1094448
https://bugzilla.suse.com/1095603
https://bugzilla.suse.com/1096985
https://bugzilla.suse.com/1102920

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten
Werbung