
SUSE: 2020:3624-1 Moderate: Crowbar, Grafana, InfluxDB Updates

December 4, 2020
SUSE has released a security update addressing 5 vulnerabilities in crowbar-openstack, grafana, influxdb, and python-urllib3, while also introducing enhancements.
An update that fixes 5 vulnerabilities and contains one feature is now available.

Summary

This update for crowbar-openstack, grafana, influxdb, python-urllib3 contains the following fixes:

Security fixes included in this update:

openstack-glance
- CVE-2016-8611: Added rate limiting for glance api (bnc#1005886)

grafana
- CVE-2020-24303: Fixed an XSS via a query alias for the ElasticSearch datasource (bnc#1178243)

influxdb
- CVE-2019-20933: Fixed an authentication bypass (bnc#1178988)

python-urllib3
- CVE-2019-9740: Fixed a CRLF injection in urllib3 (bnc#1129071).
- CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bnc#1177120)

memcached
- CVE-2018-1000115: Fixed an issue where a UDP server allowed spoofed traffic amplification DoS (bnc#1083903).

Non-security fixes included in this update:

Changes in crowbar-openstack:

References

#1005886 #1170479 #1177120 #1178243 #1178988

SOC-11240

Cross-References: CVE-2016-8611 CVE-2019-20933 CVE-2019-9740 CVE-2020-24303 CVE-2020-26137

Affected Products:

SUSE OpenStack Cloud 7

https://www.suse.com/security/cve/CVE-2016-8611.html

https://www.suse.com/security/cve/CVE-2019-20933.html

https://www.suse.com/security/cve/CVE-2019-9740.html

https://www.suse.com/security/cve/CVE-2020-24303.html

https://www.suse.com/security/cve/CVE-2020-26137.html

https://bugzilla.suse.com/1005886

https://bugzilla.suse.com/1170479

https://bugzilla.suse.com/1177120

https://bugzilla.suse.com/1178243

https://bugzilla.suse.com/1178988

Announcement ID: SUSE-SU-2020:3624-1
Rating: moderate
