SUSE-SU-2018:2536-1: moderate: Security update for grafana, kafka, logstash and monasca-installer

sle-updates at sle-updates at
Tue Aug 28 07:10:23 MDT 2018

   SUSE Security Update: Security update for grafana, kafka, logstash and monasca-installer

Announcement ID:    SUSE-SU-2018:2536-1
Rating:             moderate
References:         #1086909 #1090192 #1090343 #1090849 #1094448 
                    #1095603 #1096985 #1102920 
Cross-References:   CVE-2018-12099 CVE-2018-1288 CVE-2018-3817
Affected Products:
                    SUSE OpenStack Cloud 7

   An update that solves three vulnerabilities and has 5 fixes
   is now available.


   This update for grafana, kafka, logstash and monasca-installer fixes the
   following issues:

   The following security issues have been fixed:


   - CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in
     dashboard links. (bsc#1096985)


   - CVE-2018-1288: Authenticated Kafka users may perform actions reserved
     for the Broker via a manually created fetch request, interfering with
     data replication and resulting in data loss. (bsc#1102920)


   - CVE-2018-3817: Fix potential leak of sensitive data when logging
     warnings about deprecated options. (bsc#1090849)

   Additionally, the following non-security issues have been fixed:


   - Add complete set of elasticsearch performance tunables.
   - Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343)
   - Fix bad elasticsearch-curator configuration. (bsc#1090192)
   - Enable bootstrap.memory_lock for Elasticsearch. (bsc#1090343)


   - Declare Gemfile as config to prevent loss of installed plugins when
   - Stop installing prebuilt jruby for non-x86.


   - Update to version (bsc#1102920, CVE-2018-1288)
   - Add noreplace directive for /etc/kafka/
   - Reduce package ownership of tmpfiles.d to bare minimum. (SLE12 SP2)
   - Set log rotation options. (bsc#1094448)
   - Disable jmxremote debugging. (bsc#1095603)
   - Increase open file limits. (bsc#1086909)

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud 7:

      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1771=1

Package List:

   - SUSE OpenStack Cloud 7 (x86_64):


   - SUSE OpenStack Cloud 7 (noarch):


