
openSUSE: 2021:1148-1 Important: grafana Denial of Service Exploit

opensuse
August 13, 2021
Significant revision released for openSUSE addressing various critical vulnerabilities in grafana, improving overall safety.
An update that fixes 5 vulnerabilities is now available.

Description

This update for grafana fixes the following issues:

- CVE-2021-27358: unauthenticated remote attackers could trigger a Denial of Service via a remote API call (bsc#1183803)

- Update to version 7.5.7:
  * Updated relref to "Configuring exemplars" section (#34240) (#34243)
  * Added exemplar topic (#34147) (#34226)
  * Quota: Do not count folders towards dashboard quota (#32519) (#34025)
  * Instructions to separate emails with semicolons (#32499) (#34138)
  * Docs: Remove documentation of v8 generic OAuth feature (#34018)
  * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)
  * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)
  * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)
  * Stop hoisting @icons/material (#33922)
  * Chore: fix react-color version in yarn.lock (#33914)
  * "Release: Updated versions in package to...


Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

zypper in -t patch openSUSE-2021-1148=1

Package List

- openSUSE Leap 15.2 (x86_64):

grafana-7.5.7-lp152.2.16.1
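
A check for hosts that still run a grafana build older than the fixed package listed above, as an added example that is not part of the advisory. The host names and the older version strings are constructed sample data, and the comparison uses GNU `sort -V` as an approximation of RPM ordering (assumes openSUSE Leap 15.2 packages with no epoch).

```shell
#!/usr/bin/env bash
# Added example: flag hosts whose grafana package predates the fixed build.
FIXED="7.5.7-lp152.2.16.1"   # fixed package from the advisory's Package List

# verrel_ge A B: succeed when version-release A >= B.
# GNU `sort -V` approximates RPM's ordering (assumption: no epoch and no
# "~" pre-release markers, which holds for the strings used here).
verrel_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | LC_ALL=C sort -V | head -n 1)" = "$2" ]
}

# classify VERREL: print "patched", "vulnerable" or "not-installed".
classify() {
    case "$1" in
        ""|*"not installed"*) echo "not-installed" ;;
        *) if verrel_ge "$1" "$FIXED"; then echo "patched"; else echo "vulnerable"; fi ;;
    esac
}

# audit: read "host verrel" lines on stdin, print hosts that need the patch.
audit() {
    while read -r host verrel; do
        [ -n "$host" ] || continue
        [ "$(classify "$verrel")" = "vulnerable" ] && echo "$host"
    done
    return 0
}

# Constructed sample inventory (hypothetical hosts), in the format produced by
# collecting: rpm -q --qf '%{VERSION}-%{RELEASE}\n' grafana
SAMPLE_INVENTORY='mon01 7.3.1-lp152.2.3.1
mon02 7.5.7-lp152.2.16.1
mon03 package grafana is not installed
mon04 7.5.7-lp152.2.9.1'

# With --local, classify this machine; otherwise audit the sample inventory.
if [ "${1:-}" = "--local" ]; then
    classify "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' grafana 2>/dev/null)"
else
    printf '%s\n' "$SAMPLE_INVENTORY" | audit
fi
```
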

References

https://www.suse.com/security/cve/CVE-2021-27358.html

https://www.suse.com/security/cve/CVE-2021-27962.html

https://www.suse.com/security/cve/CVE-2021-28146.html

https://www.suse.com/security/cve/CVE-2021-28147.html

https://www.suse.com/security/cve/CVE-2021-28148.html

https://bugzilla.suse.com/1183803

https://bugzilla.suse.com/1183809

https://bugzilla.suse.com/1183811

https://bugzilla.suse.com/1183813

https://bugzilla.suse.com/1184371

Severity
important

Announcement ID: openSUSE-SU-2021:1148-1
Rating: important
Affected Products: openSUSE Leap 15.2
