SUSE-SU-2018:2317-1

See a problem?

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:2317-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2018:2317-1

Related

Published

2018-08-14T06:03:57Z

Modified

2018-08-14T06:03:57Z

Summary

Security update for grafana, kafka, logstash, openstack-monasca-installer

Details

This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues:

Security issues fixed:

CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links (bsc#1096985).
CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information (bsc#1090849).

Bug fixes:

bsc#1095603: Disable jmxremote debugging.
bsc#1097847: Make time series database schema setup conditional.
bsc#1094448: Set log rotation options.
bsc#1090336: Add complete set of elasticsearch performance tunables.
bsc#1101366: Fix build issues with s390x, ppc64le and aarch64.
Fix various spec errors affecting Leap 15 and Tumbleweed

References

Affected packages

SUSE:HPE Helion OpenStack 8 / grafana

Package

Name: grafana
Purl: purl:rpm/suse/grafana&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1-4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / kafka

Package

Name: kafka
Purl: purl:rpm/suse/kafka&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.0.1-5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / logstash

Package

Name: logstash
Purl: purl:rpm/suse/logstash&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.1-5.4.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / openstack-monasca-installer

Package

Name: openstack-monasca-installer
Purl: purl:rpm/suse/openstack-monasca-installer&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20180622_15.06-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / grafana

Package

Name: grafana
Purl: purl:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1-4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / kafka

Package

Name: kafka
Purl: purl:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.0.1-5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / logstash

Package

Name: logstash
Purl: purl:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.1-5.4.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / openstack-monasca-installer

Package

Name: openstack-monasca-installer
Purl: purl:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20180622_15.06-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / grafana

Package

Name: grafana
Purl: purl:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1-4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / kafka

Package

Name: kafka
Purl: purl:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.9.0.1-5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / logstash

Package

Name: logstash
Purl: purl:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.4.1-5.4.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / openstack-monasca-installer

Package

Name: openstack-monasca-installer
Purl: purl:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20180622_15.06-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}