SUSE: 2018:2536-1 Moderate: Grafana, Kafka, Logstash Security Fixes
suse
August 28, 2018
An update that solves three vulnerabilities and has 5 fixes is now available
Summary
This update for grafana, kafka, logstash and monasca-installer fixes the following issues: The following security issues have been fixed: grafana: - CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in dashboard links. (bsc#1096985) kafka: - CVE-2018-1288: Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. (bsc#1102920) logstash: - CVE-2018-3817: Fix potential leak of sensitive data when logging warnings about deprecated options. (bsc#1090849) Additionally, the following non-security issues have been fixed: monasca-installer: - Add complete set of elasticsearch performance tunables. - Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343)
Topics Covered
References
#1086909 #1090192 #1090343 #1090849 #1094448
#1095603 #1096985 #1102920
Cross- CVE-2018-12099 CVE-2018-1288 CVE-2018-3817
Affected Products:
SUSE OpenStack Cloud 7
https://www.suse.com/security/cve/CVE-2018-12099.html
https://www.suse.com/security/cve/CVE-2018-1288.html
https://www.suse.com/security/cve/CVE-2018-3817.html
https://bugzilla.suse.com/1086909
https://bugzilla.suse.com/1090192
https://bugzilla.suse.com/1090343
https://bugzilla.suse.com/1090849
https://bugzilla.suse.com/1094448
https://bugzilla.suse.com/1095603
https://bugzilla.suse.com/1096985
https://bugzilla.suse.com/1102920
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2018:2536-1
Rating: moderate
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!