SUSE OpenStack 8: 2018:3563-1 Important: Kafka Data Loss Alert
suse
October 30, 2018
An update that solves one vulnerability and has three fixes is now available
Summary
This update for ardana-monasca, ardana-spark, kafka, kafka-kit, openstack-monasca-api fixes the following issues: This update for ardana-monasca to version 8.0+git.1535031421.9262a47 fixes these issues: - Requests Apache to reload on change (bsc#1102662) - Avoids managing non-Monasca users (bsc#1102662) - Line up perms on storm.conf to match rpm (bsc#1094971) This update for ardana-spark to version 8.0+git.1532114050.04654a8 fixes this issue: - Only set log dir perms on legacy install (bsc#1094851) This update for kafka to version 0.10.2.2 fixes this security issue: - CVE-2018-1288: Authenticated Kafka users may have performed action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss (bsc#1102920).
References
#1094851 #1094971 #1102662 #1102920
Cross- CVE-2018-1288
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
https://www.suse.com/security/cve/CVE-2018-1288.html
https://bugzilla.suse.com/1094851
https://bugzilla.suse.com/1094971
https://bugzilla.suse.com/1102662
https://bugzilla.suse.com/1102920
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!