
openSUSE Leap 15.3: 2021:2662-1 Important: Grafana Denial Service

August 12, 2021
openSUSE has issued a vital security update focused on five major vulnerabilities in Grafana, which improves stability and performance for users and developers alike.
An update that fixes 5 vulnerabilities is now available.

Description

This update for grafana fixes the following issues:

- CVE-2021-27358: unauthenticated remote attackers could trigger a Denial of Service via a remote API call (bsc#1183803)

- Update to version 7.5.7:
  * Updated relref to "Configuring exemplars" section (#34240) (#34243)
  * Added exemplar topic (#34147) (#34226)
  * Quota: Do not count folders towards dashboard quota (#32519) (#34025)
  * Instructions to separate emails with semicolons (#32499) (#34138)
  * Docs: Remove documentation of v8 generic OAuth feature (#34018)
  * Annotations: Prevent orphaned annotation tags cleanup when no annotations were cleaned (#33957) (#33975)
  * [GH-33898] Add missing --no-cache to Dockerfile. (#33906) (#33935)
  * ReleaseNotes: Updated changelog and release notes for 7.5.6 (#33932) (#33936)
  * Stop hoisting @icons/material (#33922)
  * Chore: fix react-color version in yarn.lock (#33914)
  * "Release: Updated versions in package to...


Patch

Patch Instructions:

To install this openSUSE Security Update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-2662=1

Package List

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

grafana-7.5.7-3.12.1
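
To confirm the update landed, the following added example (not part of the openSUSE advisory) compares an installed grafana version-release string against the fixed package grafana-7.5.7-3.12.1 listed above. The function names are this example's own, and it assumes numeric version segments with no epoch rather than implementing full RPM version ordering.

```sh
#!/bin/sh
# Added example, not part of the advisory. Function names are illustrative.
FIXED="7.5.7-3.12.1"   # fixed version-release from the Package List above

# Compare two version-release strings segment by segment ('.' and '-'
# separate segments). Prints lt, eq or gt. Assumption: numeric segments
# only and no epoch, so this is not a full RPM version comparison.
vercmp() (
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%[.-]*}; y=${b%%[.-]*}
        case $a in *[.-]*) a=${a#*[.-]} ;; *) a= ;; esac
        case $b in *[.-]*) b=${b#*[.-]} ;; *) b= ;; esac
        # Strip leading zeros; a missing or empty segment counts as 0.
        x=${x#"${x%%[!0]*}"}; y=${y#"${y%%[!0]*}"}
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then echo lt; return; fi
        if [ "$x" -gt "$y" ]; then echo gt; return; fi
    done
    echo eq
)

# 0 = at or above the fixed build, 1 = older, 2 = not a parseable version.
grafana_is_patched() {
    case $1 in ''|*[!0-9.-]*) return 2 ;; esac
    [ "$(vercmp "$1" "$FIXED")" != lt ]
}

# Query the local RPM database and report.
check_local() {
    v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' grafana 2>/dev/null) ||
        { echo "grafana not found in the RPM database"; return 2; }
    if grafana_is_patched "$v"; then
        echo "grafana $v is at or above $FIXED"
    else
        echo "grafana $v is older than $FIXED; apply openSUSE-SU-2021:2662-1"
        return 1
    fi
}

# Run the host check only when asked: sh check.sh --check
if [ "${1:-}" = "--check" ]; then check_local; fi
```
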

References

https://www.suse.com/security/cve/CVE-2021-27358.html
https://www.suse.com/security/cve/CVE-2021-27962.html
https://www.suse.com/security/cve/CVE-2021-28146.html
https://www.suse.com/security/cve/CVE-2021-28147.html
https://www.suse.com/security/cve/CVE-2021-28148.html
https://bugzilla.suse.com/1183803
https://bugzilla.suse.com/1183809
https://bugzilla.suse.com/1183811
https://bugzilla.suse.com/1183813
https://bugzilla.suse.com/1184371

Severity: important

Announcement ID: openSUSE-SU-2021:2662-1
Rating: important
Affected Products: openSUSE Leap 15.3.
