SUSE-SU-2018:2317-1: moderate: Security update for grafana, kafka, logstash, openstack-monasca-installer
sle-security-updates at lists.suse.com
Tue Aug 14 04:11:01 MDT 2018
SUSE Security Update: Security update for grafana, kafka, logstash, openstack-monasca-installer
______________________________________________________________________________
Announcement ID: SUSE-SU-2018:2317-1
Rating: moderate
References: #1090336 #1090849 #1094448 #1095603 #1096985
#1097847 #1101366
Cross-References: CVE-2018-12099 CVE-2018-3817
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
______________________________________________________________________________
An update that solves two vulnerabilities and has 5 fixes
is now available.
Description:
This update for grafana, kafka, logstash, openstack-monasca-installer
fixes the following issues:
Security issues fixed:
- CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links
(bsc#1096985).
- CVE-2018-3817: logstash: Fix inadvertent logging of sensitive
information (bsc#1090849).
Bug fixes:
- bsc#1095603: Disable jmxremote debugging.
- bsc#1097847: Make time series database schema setup conditional.
- bsc#1094448: Set log rotation options.
- bsc#1090336: Add complete set of elasticsearch performance tunables.
- bsc#1101366: Fix build issues with s390x, ppc64le and aarch64.
- Fix various spec errors affecting Leap 15 and Tumbleweed
Patch Instructions:
To install this SUSE Security Update, use the SUSE recommended installation methods
such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1553=1
- SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1553=1
- HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2018-1553=1
Package List:
- SUSE OpenStack Cloud Crowbar 8 (noarch):
openstack-monasca-installer-20180622_15.06-3.6.1
- SUSE OpenStack Cloud Crowbar 8 (x86_64):
grafana-4.5.1-4.3.1
grafana-debuginfo-4.5.1-4.3.1
grafana-debugsource-4.5.1-4.3.1
kafka-0.9.0.1-5.3.1
logstash-2.4.1-5.4.1
- SUSE OpenStack Cloud 8 (noarch):
openstack-monasca-installer-20180622_15.06-3.6.1
- SUSE OpenStack Cloud 8 (x86_64):
grafana-4.5.1-4.3.1
grafana-debuginfo-4.5.1-4.3.1
grafana-debugsource-4.5.1-4.3.1
kafka-0.9.0.1-5.3.1
logstash-2.4.1-5.4.1
- HPE Helion Openstack 8 (noarch):
openstack-monasca-installer-20180622_15.06-3.6.1
- HPE Helion Openstack 8 (x86_64):
grafana-4.5.1-4.3.1
grafana-debuginfo-4.5.1-4.3.1
grafana-debugsource-4.5.1-4.3.1
kafka-0.9.0.1-5.3.1
logstash-2.4.1-5.4.1
References:
https://www.suse.com/security/cve/CVE-2018-12099.html
https://www.suse.com/security/cve/CVE-2018-3817.html
https://bugzilla.suse.com/1090336
https://bugzilla.suse.com/1090849
https://bugzilla.suse.com/1094448
https://bugzilla.suse.com/1095603
https://bugzilla.suse.com/1096985
https://bugzilla.suse.com/1097847
https://bugzilla.suse.com/1101366