SUSE Container Update Advisory: ses/7/ceph/grafana
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2020:698-1
Container Tags        : ses/7/ceph/grafana:7.1.5 , ses/7/ceph/grafana:7.1.5.3.287 , ses/7/ceph/grafana:latest , ses/7/ceph/grafana:sle15.2.octopus
Container Release     : 3.287
Severity              : important
Type                  : security
References            : 1174232 1174593 1177458 1177490 1177510 1177858 1178387 1178512
                        1178727 CVE-2020-25692 CVE-2020-28196 
-----------------------------------------------------------------

The container ses/7/ceph/grafana was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3249-1
Released:    Fri Nov  6 17:02:51 2020
Summary:     Recommended update for grafana
Type:        recommended
Severity:    moderate
References:  
This update for grafana fixes the following issues:

- Update to version 7.1.5:
  * Features / Enhancements
    - Stats: Stop counting the same user multiple times.
    - Field overrides: Filter by field name using regex.
    - AzureMonitor: map more units.
    - Explore: Don't run queries on datasource change.
    - Graph: Support setting field unit & override data source (automatic) unit.
    - Explore: Unification of logs/metrics/traces user interface
    - Table: JSON Cell should try to convert strings to JSON
    - Variables: enables cancel for slow query variables queries.
    - TimeZone: unify the time zone pickers to one that can rule them all.
    - Search: support URL query params.
    - Grafana-UI: Add FileUpload.
    - TablePanel: Sort numbers correctly.
  * Bug fixes
    - Alerting: remove LongToWide call in alerting.
    - AzureMonitor: fix panic introduced in 7.1.4 when unit was unspecified and alias was used.
    - Variables: Fixes issue with All variable not being resolved.
    - Templating: Fixes so texts show in picker not the values.
    - Templating: Fix undefined result when using raw interpolation format
    - TextPanel: Fix content overflowing panel boundaries.
    - StatPanel: Fix stat panel display name not showing when explicitly set.
    - Query history: Fix search filtering if null value.
    - Flux: Ensure connections to InfluxDB are closed.
    - Dashboard: Fix for viewer being able to enter panel edit mode by modifying the URL (but cannot save anything).
    - Prometheus: Fix prom links in mixed mode.
    - Sign In: Use correct URL for the Sign In button.
    - StatPanel: Fixes issue with name showing for single series / field results
    - BarGauge: Fix space bug in single series mode.
    - Auth: Fix POST request failures with anonymous access
    - Templating: Fix recursive loop of template variable queries when changing ad-hoc-variable
    - Templating: Fixed recursive queries triggered when switching dashboard settings view
    - GraphPanel: Fix annotations overflowing panels.
    - Prometheus: Fix performance issue in processing of histogram labels.
    - Datasources: Handle URL parsing error.
    - Security: Use Header.Set and Header.Del for X-Grafana-User header.
  * Changes in spec file
    - Fix golang version = 1.14 to avoid dependency conflicts on some OBS projects

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3290-1
Released:    Wed Nov 11 12:25:32 2020
Summary:     Recommended update for findutils
Type:        recommended
Severity:    moderate
References:  1174232
This update for findutils fixes the following issues:

- Do not unconditionally use leaf optimization for NFS. (bsc#1174232)
  NFS st_nlink values are not accurate on all implementations, leading to abort() calls if that assumption is made.

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3313-1
Released:    Thu Nov 12 16:07:37 2020
Summary:     Security update for openldap2
Type:        security
Severity:    important
References:  1178387,CVE-2020-25692
This update for openldap2 fixes the following issues:

- CVE-2020-25692: Fixed an unauthenticated remote denial of service due to incorrect validation of modrdn equality rules (bsc#1178387).

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2020:3377-1
Released:    Thu Nov 19 09:29:32 2020
Summary:     Security update for krb5
Type:        security
Severity:    moderate
References:  1178512,CVE-2020-28196
This update for krb5 fixes the following security issue:

- CVE-2020-28196: Fixed an unbounded recursion via an ASN.1-encoded Kerberos message (bsc#1178512).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3381-1
Released:    Thu Nov 19 10:53:38 2020
Summary:     Recommended update for systemd
Type:        recommended
Severity:    moderate
References:  1177458,1177490,1177510
This update for systemd fixes the following issues:

- build-sys: optionally disable support of journal over the network (bsc#1177458)
- ask-password: prevent buffer overflow when reading from keyring (bsc#1177510)
- mount: don't propagate errors from mount_setup_unit() further up
- Rely on the new build option --disable-remote for journal_remote
  This allows dropping the workaround that consisted of cleaning journal-upload files and
  {sysusers.d,tmpfiles.d}/systemd-remote.conf manually when 'journal_remote' support was disabled.
- Move journal-{remote,upload}.conf.5.gz man pages into systemd-journal_remote sub package 
- Make sure {sysusers.d,tmpfiles.d}/systemd-remote.conf are not shipped with --without=journal_remote (bsc#1177458)
  These files were incorrectly packaged in the main package when systemd-journal_remote was disabled.
- Make use of %{_unitdir} and %{_sysusersdir}
- Remove mq-deadline selection from 60-io-scheduler.rules (bsc#1177490)

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2020:3462-1
Released:    Fri Nov 20 13:14:35 2020
Summary:     Recommended update for pam and sudo
Type:        recommended
Severity:    moderate
References:  1174593,1177858,1178727
This update for pam and sudo fixes the following issues:

pam:

- pam_xauth: do not *free* a string which has been successfully passed to *putenv*. (bsc#1177858)
- Initialize the local variable *daysleft* to avoid a misleading warning for password expire days. (bsc#1178727)
- Run /usr/bin/xauth using the old user's and group's identifiers. (bsc#1174593)

sudo:

- Fix a problem with pam_xauth which checks effective and real uids to get the real identity of the user. (bsc#1174593)

SUSE: 2020:698-1 ses/7/ceph/grafana Security Update

November 26, 2020
