SUSE-SU-2018:2317-1

Source
https://www.suse.com/support/update/announcement/2018/suse-su-20182317-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2018:2317-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2018:2317-1
Related
Published
2018-08-14T06:03:57Z
Modified
2018-08-14T06:03:57Z
Summary
Security update for grafana, kafka, logstash, openstack-monasca-installer
Details

This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues:

Security issues fixed:

  • CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links (bsc#1096985).
  • CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information (bsc#1090849).

Bug fixes:

  • bsc#1095603: Disable jmxremote debugging.
  • bsc#1097847: Make time series database schema setup conditional.
  • bsc#1094448: Set log rotation options.
  • bsc#1090336: Add complete set of elasticsearch performance tunables.
  • bsc#1101366: Fix build issues with s390x, ppc64le and aarch64.
  • Fix various spec errors affecting Leap 15 and Tumbleweed
References

Affected packages

SUSE:HPE Helion OpenStack 8 / grafana

Package

Name
grafana
Purl
purl:rpm/suse/grafana&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.1-4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / kafka

Package

Name
kafka
Purl
purl:rpm/suse/kafka&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.0.1-5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / logstash

Package

Name
logstash
Purl
purl:rpm/suse/logstash&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.1-5.4.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:HPE Helion OpenStack 8 / openstack-monasca-installer

Package

Name
openstack-monasca-installer
Purl
purl:rpm/suse/openstack-monasca-installer&distro=HPE%20Helion%20OpenStack%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20180622_15.06-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / grafana

Package

Name
grafana
Purl
purl:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.1-4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / kafka

Package

Name
kafka
Purl
purl:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.0.1-5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / logstash

Package

Name
logstash
Purl
purl:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.1-5.4.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud 8 / openstack-monasca-installer

Package

Name
openstack-monasca-installer
Purl
purl:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20180622_15.06-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / grafana

Package

Name
grafana
Purl
purl:rpm/suse/grafana&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.1-4.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / kafka

Package

Name
kafka
Purl
purl:rpm/suse/kafka&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.9.0.1-5.3.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / logstash

Package

Name
logstash
Purl
purl:rpm/suse/logstash&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.1-5.4.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}

SUSE:OpenStack Cloud Crowbar 8 / openstack-monasca-installer

Package

Name
openstack-monasca-installer
Purl
purl:rpm/suse/openstack-monasca-installer&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
20180622_15.06-3.6.1

Ecosystem specific

{
    "binaries": [
        {
            "grafana": "4.5.1-4.3.1",
            "kafka": "0.9.0.1-5.3.1",
            "openstack-monasca-installer": "20180622_15.06-3.6.1",
            "logstash": "2.4.1-5.4.1"
        }
    ]
}