Security: Multiple issues in grafana
Name: Multiple issues in grafana
ID: SUSE-SU-2018:2536-1
Distribution: SUSE
Platforms: SUSE OpenStack Cloud 7
Date: Tue, 28 August 2018, 17:11
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3817
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12099
Applications: Grafana

Original message
SUSE Security Update: Security update for grafana, kafka, logstash and monasca-installer
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2536-1
Rating: moderate
References: #1086909 #1090192 #1090343 #1090849 #1094448 #1095603 #1096985 #1102920
Cross-References: CVE-2018-12099 CVE-2018-1288 CVE-2018-3817
Affected Products: SUSE OpenStack Cloud 7
______________________________________________________________________________
An update that solves three vulnerabilities and has 5 fixes is now available.
Description:
This update for grafana, kafka, logstash and monasca-installer fixes the following issues:
The following security issues have been fixed:
grafana:
- CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in dashboard links. (bsc#1096985)
kafka:
- CVE-2018-1288: Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. (bsc#1102920)
logstash:
- CVE-2018-3817: Fix potential leak of sensitive data when logging warnings about deprecated options. (bsc#1090849)
Additionally, the following non-security issues have been fixed:
monasca-installer:
- Add complete set of elasticsearch performance tunables.
- Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343)
- Fix bad elasticsearch-curator configuration. (bsc#1090192)
- Enable bootstrap.memory_lock for Elasticsearch. (bsc#1090343)
logstash:
- Declare Gemfile as config to prevent loss of installed plugins when updating.
- Stop installing prebuilt jruby for non-x86.
kafka:
- Update to version 0.10.2.2 (bsc#1102920, CVE-2018-1288)
- Add noreplace directive for /etc/kafka/server.properties.
- Reduce package ownership of tmpfiles.d to bare minimum. (SLE12 SP2)
- Set log rotation options. (bsc#1094448)
- Disable jmxremote debugging. (bsc#1095603)
- Increase open file limits. (bsc#1086909)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 7:
zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1771=1
Package List:
- SUSE OpenStack Cloud 7 (x86_64):
grafana-4.5.1-1.8.1
kafka-0.10.2.2-5.1
logstash-2.4.1-5.1
- SUSE OpenStack Cloud 7 (noarch):
monasca-installer-20180608_12.47-9.1
References:
https://www.suse.com/security/cve/CVE-2018-12099.html
https://www.suse.com/security/cve/CVE-2018-1288.html
https://www.suse.com/security/cve/CVE-2018-3817.html
https://bugzilla.suse.com/1086909
https://bugzilla.suse.com/1090192
https://bugzilla.suse.com/1090343
https://bugzilla.suse.com/1090849
https://bugzilla.suse.com/1094448
https://bugzilla.suse.com/1095603
https://bugzilla.suse.com/1096985
https://bugzilla.suse.com/1102920
_______________________________________________ sle-security-updates mailing list sle-security-updates@lists.suse.com http://lists.suse.com/mailman/listinfo/sle-security-updates
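
A way to confirm that a host carries the fixed packages after patching, as an added example that is not part of the SUSE advisory. The version strings are copied from the Package List above; the function names and the `--check` switch are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.
# Fixed version-release strings, copied from the advisory's Package List.
FIXED_PACKAGES="grafana=4.5.1-1.8.1
kafka=0.10.2.2-5.1
logstash=2.4.1-5.1
monasca-installer=20180608_12.47-9.1"

# version_at_least INSTALLED FIXED: succeed when INSTALLED is FIXED or newer.
# Assumption: GNU "sort -V" ordering stands in for RPM's own comparison.
version_at_least() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# check_package NAME INSTALLED: 0 = fixed, 1 = older than fix, 2 = not listed.
check_package() {
    fixed=$(printf '%s\n' "$FIXED_PACKAGES" | sed -n "s/^$1=//p")
    [ -n "$fixed" ] || { echo "$1: not covered by this advisory"; return 2; }
    if version_at_least "$2" "$fixed"; then
        echo "$1 $2: at or above fixed version $fixed"
    else
        echo "$1 $2: older than fixed version $fixed"
        return 1
    fi
}

# check_host: look up each listed package in the local RPM database.
check_host() {
    rc=0
    for entry in $FIXED_PACKAGES; do
        name=${entry%%=*}
        installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}' "$name" 2>/dev/null) || {
            echo "$name: not installed"
            continue
        }
        check_package "$name" "$installed" || rc=1
    done
    return "$rc"
}

# Query the host only when asked, e.g.: sh check-fixed.sh --check
if [ "${1:-}" = "--check" ]; then
    check_host
fi
```

With `--check` the script exits non-zero if any installed package from the list is older than its fixed version, which makes it usable in a compliance job.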