Security: Two problems in grafana and mybatis
Name: Two problems in grafana and mybatis
ID: SUSE-SU-2024:1530-2
Distribution: SUSE
Platforms: SUSE Linux Enterprise Desktop 15 SP6, SUSE Linux Enterprise Server for SAP Applications 15 SP6, SUSE Linux Enterprise Server 15 SP6, SUSE Linux Enterprise Real Time 15 SP6, SUSE openSUSE Leap 15.6, SUSE Package Hub 15 15-SP6
Date: Mon, 24 June 2024, 23:16
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1313
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6152
Applications: mybatis, Grafana

Original message
# Security update for grafana and mybatis
Announcement ID: SUSE-SU-2024:1530-2
Rating: moderate

References:

* bsc#1219912
* bsc#1222155
* jsc#MSQA-760

Cross-References:

* CVE-2023-6152
* CVE-2024-1313

CVSS scores:

* CVE-2023-6152 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-1313 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6

An update that solves two vulnerabilities and contains one feature can now be installed.
## Description:
This update for grafana and mybatis fixes the following issues:
grafana was updated to version 9.5.18:
* Grafana now requires Go 1.20
* Security issues fixed:
  * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
  * CVE-2023-6152: Add email verification when updating user email (bsc#1219912)
* Other non-security related changes:
  * Version 9.5.17:
    * [FEATURE] Alerting: Backport use Alertmanager API v2
  * Version 9.5.16:
    * [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL
  * Version 9.5.15:
    * [FEATURE] Alerting: Attempt to retry retryable errors
  * Version 9.5.14:
    * [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error
    * [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied
    * [BUGFIX] LDAP: Fix enable users on successful login
  * Version 9.5.13:
    * [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder
    * [BUGFIX] Licensing: Pass func to update env variables when starting plugin
  * Version 9.5.12:
    * [FEATURE] Azure: Add support for Workload Identity authentication
  * Version 9.5.9:
    * [FEATURE] SSE: Fix DSNode to not panic when response has empty response
    * [FEATURE] Prometheus: Handle the response with different field key order
    * [BUGFIX] LDAP: Fix user disabling

mybatis:

* `apache-commons-ognl` is now a non-optional dependency
* Fixed building with log4j v1 and v2 dependencies

## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6
  `zypper in -t patch openSUSE-SLE-15.6-2024-1530=1`
* SUSE Package Hub 15 15-SP6
  `zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2024-1530=1`

## Package List:
* openSUSE Leap 15.6 (noarch)
  * mybatis-javadoc-3.5.6-150200.5.6.1
  * mybatis-3.5.6-150200.5.6.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  * grafana-9.5.18-150200.3.56.1
  * grafana-debuginfo-9.5.18-150200.3.56.1
* SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  * grafana-9.5.18-150200.3.56.1
  * grafana-debuginfo-9.5.18-150200.3.56.1

## References:
* https://www.suse.com/security/cve/CVE-2023-6152.html
* https://www.suse.com/security/cve/CVE-2024-1313.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219912
* https://bugzilla.suse.com/show_bug.cgi?id=1222155
* https://jira.suse.com/browse/MSQA-760