SUSE: 2024:1530-2 Moderate: Grafana And Mybatis Security Advisory
suse
June 24, 2024
* bsc#1219912 * bsc#1222155 * jsc#MSQA-760 Cross-References:
Summary
## This update for grafana and mybatis fixes the following issues: grafana was updated to version 9.5.18: * Grafana now requires Go 1.20 * Security issues fixed: * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155) * CVE-2023-6152: Add email verification when updating user email (bsc#1219912) * Other non-security related changes: * Version 9.5.17: * [FEATURE] Alerting: Backport use Alertmanager API v2 * Version 9.5.16: * [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL * Version 9.5.15: * [FEATURE] Alerting: Attempt to retry retryable errors * Version 9.5.14: * [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error
References
* bsc#1219912
* bsc#1222155
* jsc#MSQA-760
Cross-
* CVE-2023-6152
* CVE-2024-1313
CVSS scores:
* CVE-2023-6152 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
* CVE-2024-1313 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
* openSUSE Leap 15.6
* SUSE Linux Enterprise Desktop 15 SP6
* SUSE Linux Enterprise Real Time 15 SP6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server for SAP Applications 15 SP6
* SUSE Package Hub 15 15-SP6
An update that solves two vulnerabilities and contains one feature can now be
installed.
##
* https://www.suse.com/security/cve/CVE-2023-6152.html
* https://www.suse.com/security/cve/CVE-2024-1313.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219912
PREVIOUS
NEXT
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!