An InfluxDB vulnerability allowed attackers to log in as any known database user.

=========================================================================
Ubuntu Security Notice USN-5451-1
May 31, 2022

influxdb vulnerability
=========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

An InfluxDB vulnerability allowed attackers to log in as any known database user.

Software Description:
- influxdb: Scalable datastore for metrics, events, and real-time analytics

Details:

Ilya Averyanov discovered that an InfluxDB vulnerability allowed attackers to bypass authentication and gain access to any known database user.

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 20.04 LTS:
  influxdb    1.6.4-1+deb10u1build0.20.04.1

Ubuntu 18.04 LTS:
  influxdb    1.1.1+dfsg1-4+deb9u1ubuntu1

After a standard system update you need to restart the influxdb service to make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-5451-1
  CVE-2019-20933

Package Information:
  https://launchpad.net/ubuntu/+source/influxdb/1.6.4-1+deb10u1build0.20.04.1
  https://launchpad.net/ubuntu/+source/influxdb/1.1.1+dfsg1-4+deb9u1ubuntu1

A security flaw in InfluxDB on Ubuntu systems permits unauthorized access, enabling attackers to authenticate as any registered user. Immediate updates are advised.

InfluxDB Access Control, Ubuntu Security, Database Vulnerability

LinuxSecurity.com Team
An update that solves four vulnerabilities, contains one feature and has one errata is now available.

SUSE Security Update: Security update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3729-1
Rating:             moderate
References:         #1180837 #1185836 #1186868 #1189052 #1191681 SOC-11543
Cross-References:   CVE-2020-26298 CVE-2021-21419 CVE-2021-22141 CVE-2021-41136

CVSS scores:
  CVE-2020-26298 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  CVE-2020-26298 (SUSE): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  CVE-2021-21419 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  CVE-2021-21419 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  CVE-2021-22141 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  CVE-2021-41136 (NVD) : 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N
  CVE-2021-41136 (SUSE): 3.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud 9
______________________________________________________________________________

An update that solves four vulnerabilities, contains one feature and has one errata is now available.

Description:

This update for ardana-ansible, ardana-monasca, crowbar-openstack, influxdb, kibana, openstack-cinder, openstack-ec2-api, openstack-heat-gbp, openstack-heat-templates, openstack-horizon-plugin-gbp-ui, openstack-keystone, openstack-neutron-gbp, openstack-nova, python-eventlet, rubygem-redcarpet, rubygem-puma contains the following fixes:

Security fixes included in this update:

kibana:
  CVE-2021-22141: Fixed URL redirection flaw (bsc#1186868).
python-eventlet:
  CVE-2021-21419: Fixed improper handling of highly compressed data and memory allocation with excessive size value. (bsc#1185836)

rubygem-redcarpet:
  CVE-2020-26298: Fixed XSS via HTML escaping when processing quotes. (bsc#1180837)

rubygem-puma:
  CVE-2021-41136: Fixes build of the Java state machine for parsing HTTP. (bsc#1191681)

Non-security fixes included in this update:

Changes in ardana-ansible:
* Patch service.py to skip blank lines.

Changes in ardana-monasca:
* Use specific TLS versions for monasca-thresh DB connections. (SOC-11543)

Changes in crowbar-openstack:
* keystone wakeup: get new session on any error. (bsc#1189052)

Changes in influxdb:
- Set GO111MODULE=auto to fix build with go1.16 and later where default is GO111MODULE=on

Changes in kibana:
- Fix an open redirect flaw. (CVE-2021-22141, bsc#1186868)

Changes in openstack-cinder:
* Fix typo in Dell EMC Unity driver documentation.
* Drop lower-constraints job.
* [stable-only] Cap bandit to v1.6.2 and fix constraints.

Changes in openstack-ec2-api:
* Remove jobs corresponding to obsolete featuresets.
* OpenDev Migration Patch.

Changes in openstack-heat-gbp:
* Add support for Wallaby.
* Fix upstream gate.

Changes in openstack-heat-templates:
* [ussuri][goal] Update contributor documentation.
* Fix zuul config for heat-templates-check.
* Remove testr.

Changes in openstack-horizon-plugin-gbp-ui:
* Add support for Wallaby.
* Fix upstream gate.

Changes in openstack-keystone:
* Retry update_user when sqlalchemy raises StaleDataErrors.
* Pin keystone-tempest-plugin for py27 compatibility.

Changes in openstack-neutron-gbp:
* Fix update router API.
* Fix HA IP DB migration.
* Revert "Fix HA IP DB migration".
* Fix HA IP DB migration.
* Add network_id column to apic_ml2_ha_ipaddress_to_port_owner table.
* Use custom converter for extra attributes.
* Validate network before creating or updating router.
* Fix Data Migration query for HA IP table.
* System security grp: Add system sg in port sg list.
* Add vrf column to apic_ml2_ha_ipaddress_to_port_owner table.
* [apic_aim]: Fix HA IP UTs.
* Fixing the exception msg for IPAddressGenerationFailure.
* Enhancement regarding router/instance attachment to an external network floating ip and snat subnets.
* Setting legacy-group-based-policy-dsvm-aim to non-voting gate.
* Add support for Wallaby.
* Bug fixes for gbp-validate.
* [apic_aim]: Filter endpoint details.
* Bugfix: Policy Enforcement Pref.
* Fix unit-tests for tenant-scope validation.
* [AIM] Add Policy Enforcement Pref to network extension.

Changes in openstack-nova:
* [neutron] Get only ID and name of the SGs from Neutron.
* Remove allocations before setting vm_status to SHELVED_OFFLOADED.
* libvirt: driver: Disallow AIO=native when 'O_DIRECT' is not available.
* Update pci stat pools based on PCI device changes.
* Use subqueryload() instead of joinedload() for (system_)metadata.

Changes in python-eventlet:
- Websocket: Limit maximum uncompressed frame length to 8MiB. (bsc#1185836 CVE-2021-21419)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-3729=1

- SUSE OpenStack Cloud 9:
  zypper in -t patch SUSE-OpenStack-Cloud-9-2021-3729=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
  influxdb-1.3.8-4.6.1
  influxdb-debuginfo-1.3.8-4.6.1
  kibana-4.6.6-4.12.1
  kibana-debuginfo-4.6.6-4.12.1
  ruby2.1-rubygem-puma-2.16.0-4.15.1
  ruby2.1-rubygem-puma-debuginfo-2.16.0-4.15.1
  ruby2.1-rubygem-redcarpet-3.2.3-4.3.1
  ruby2.1-rubygem-redcarpet-debuginfo-3.2.3-4.3.1
  rubygem-puma-debugsource-2.16.0-4.15.1
  rubygem-redcarpet-debugsource-3.2.3-4.3.1

- SUSE OpenStack Cloud Crowbar 9 (noarch):
  crowbar-openstack-6.0+git.1630614261.26948f746-3.37.2
  openstack-cinder-13.0.10~dev23-3.31.2
  openstack-cinder-api-13.0.10~dev23-3.31.2
  openstack-cinder-backup-13.0.10~dev23-3.31.2
  openstack-cinder-scheduler-13.0.10~dev23-3.31.2
  openstack-cinder-volume-13.0.10~dev23-3.31.2
  openstack-ec2-api-7.1.1~dev6-3.3.2
  openstack-ec2-api-api-7.1.1~dev6-3.3.2
  openstack-ec2-api-metadata-7.1.1~dev6-3.3.2
  openstack-ec2-api-s3-7.1.1~dev6-3.3.2
  openstack-heat-gbp-12.0.1~dev4-3.6.1
  openstack-heat-templates-0.0.0+git.1628179051.7d761bff-3.12.1
  openstack-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
  openstack-keystone-14.2.1~dev7-3.25.2
  openstack-neutron-gbp-14.0.1~dev19-3.28.1
  openstack-nova-18.3.1~dev91-3.40.1
  openstack-nova-api-18.3.1~dev91-3.40.1
  openstack-nova-cells-18.3.1~dev91-3.40.1
  openstack-nova-compute-18.3.1~dev91-3.40.1
  openstack-nova-conductor-18.3.1~dev91-3.40.1
  openstack-nova-console-18.3.1~dev91-3.40.1
  openstack-nova-novncproxy-18.3.1~dev91-3.40.1
  openstack-nova-placement-api-18.3.1~dev91-3.40.1
  openstack-nova-scheduler-18.3.1~dev91-3.40.1
  openstack-nova-serialproxy-18.3.1~dev91-3.40.1
  openstack-nova-vncproxy-18.3.1~dev91-3.40.1
  python-cinder-13.0.10~dev23-3.31.2
  python-ec2api-7.1.1~dev6-3.3.2
  python-eventlet-0.20.0-8.3.1
  python-heat-gbp-12.0.1~dev4-3.6.1
  python-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
  python-keystone-14.2.1~dev7-3.25.2
  python-neutron-gbp-14.0.1~dev19-3.28.1
  python-nova-18.3.1~dev91-3.40.1

- SUSE OpenStack Cloud 9 (x86_64):
  influxdb-1.3.8-4.6.1
  influxdb-debuginfo-1.3.8-4.6.1
  kibana-4.6.6-4.12.1
  kibana-debuginfo-4.6.6-4.12.1

- SUSE OpenStack Cloud 9 (noarch):
  ardana-ansible-9.0+git.1628097238.f6cbb0e-3.29.1
  ardana-monasca-9.0+git.1627995376.30bdf85-3.25.1
  openstack-cinder-13.0.10~dev23-3.31.2
  openstack-cinder-api-13.0.10~dev23-3.31.2
  openstack-cinder-backup-13.0.10~dev23-3.31.2
  openstack-cinder-scheduler-13.0.10~dev23-3.31.2
  openstack-cinder-volume-13.0.10~dev23-3.31.2
  openstack-ec2-api-7.1.1~dev6-3.3.2
  openstack-ec2-api-api-7.1.1~dev6-3.3.2
  openstack-ec2-api-metadata-7.1.1~dev6-3.3.2
  openstack-ec2-api-s3-7.1.1~dev6-3.3.2
  openstack-heat-gbp-12.0.1~dev4-3.6.1
  openstack-heat-templates-0.0.0+git.1628179051.7d761bff-3.12.1
  openstack-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
  openstack-keystone-14.2.1~dev7-3.25.2
  openstack-neutron-gbp-14.0.1~dev19-3.28.1
  openstack-nova-18.3.1~dev91-3.40.1
  openstack-nova-api-18.3.1~dev91-3.40.1
  openstack-nova-cells-18.3.1~dev91-3.40.1
  openstack-nova-compute-18.3.1~dev91-3.40.1
  openstack-nova-conductor-18.3.1~dev91-3.40.1
  openstack-nova-console-18.3.1~dev91-3.40.1
  openstack-nova-novncproxy-18.3.1~dev91-3.40.1
  openstack-nova-placement-api-18.3.1~dev91-3.40.1
  openstack-nova-scheduler-18.3.1~dev91-3.40.1
  openstack-nova-serialproxy-18.3.1~dev91-3.40.1
  openstack-nova-vncproxy-18.3.1~dev91-3.40.1
  python-cinder-13.0.10~dev23-3.31.2
  python-ec2api-7.1.1~dev6-3.3.2
  python-eventlet-0.20.0-8.3.1
  python-heat-gbp-12.0.1~dev4-3.6.1
  python-horizon-plugin-gbp-ui-12.0.1~dev5-3.6.1
  python-keystone-14.2.1~dev7-3.25.2
  python-neutron-gbp-14.0.1~dev19-3.28.1
  python-nova-18.3.1~dev91-3.40.1
  venv-openstack-barbican-x86_64-7.0.1~dev24-3.25.1
  venv-openstack-cinder-x86_64-13.0.10~dev23-3.28.1
  venv-openstack-designate-x86_64-7.0.2~dev2-3.25.1
  venv-openstack-glance-x86_64-17.0.1~dev30-3.23.1
  venv-openstack-heat-x86_64-11.0.4~dev4-3.25.1
  venv-openstack-horizon-x86_64-14.1.1~dev11-4.29.1
  venv-openstack-ironic-x86_64-11.1.5~dev17-4.23.1
  venv-openstack-keystone-x86_64-14.2.1~dev7-3.26.1
  venv-openstack-magnum-x86_64-7.2.1~dev1-4.25.1
  venv-openstack-manila-x86_64-7.4.2~dev60-3.31.1
  venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.25.1
  venv-openstack-monasca-x86_64-2.7.1~dev10-3.23.1
  venv-openstack-neutron-x86_64-13.0.8~dev164-6.29.1
  venv-openstack-nova-x86_64-18.3.1~dev91-3.29.1
  venv-openstack-octavia-x86_64-3.2.3~dev7-4.25.1
  venv-openstack-sahara-x86_64-9.0.2~dev15-3.25.1
  venv-openstack-swift-x86_64-2.19.2~dev48-2.20.1

References:
  https://www.suse.com/security/cve/CVE-2020-26298.html
  https://www.suse.com/security/cve/CVE-2021-21419.html
  https://www.suse.com/security/cve/CVE-2021-22141.html
  https://www.suse.com/security/cve/CVE-2021-41136.html
  https://bugzilla.suse.com/1180837
  https://bugzilla.suse.com/1185836
  https://bugzilla.suse.com/1186868
  https://bugzilla.suse.com/1189052
  https://bugzilla.suse.com/1191681

This release focuses on resolving multiple concerns within different SUSE OpenStack modules, boosting overall security and performance.

SUSE Update, OpenStack Security, Ansible Fixes, Security Patch

LinuxSecurity.com Team
It was discovered that incorrect validation of JWT tokens in InfluxDB, a time series, metrics, and analytics database, could result in authentication bypass.

-------------------------------------------------------------------------
Debian Security Advisory DSA-4823-1
An update that solves 6 vulnerabilities, contains one feature and has one errata is now available.

SUSE Security Update: Security update for crowbar-core, crowbar-openstack, grafana, influxdb, openstack-heat-templates, openstack-nova, python-Jinja2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3896-1
Rating:             important
References:         #1117080 #1125815 #1132174 #1132323 #1178243 #1178988 #1179161 SOC-11240
Cross-References:   CVE-2016-10745 CVE-2018-17954 CVE-2019-10906 CVE-2019-20933 CVE-2019-8341 CVE-2020-24303

Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  HPE Helion Openstack 8
______________________________________________________________________________

An update that solves 6 vulnerabilities, contains one feature and has one errata is now available.

Description:

This update for crowbar-core, crowbar-openstack, grafana, influxdb, openstack-heat-templates, openstack-nova, python-Jinja2 fixes the following issues:

Security fixes included in this request:

grafana:
- CVE-2020-24303: Fixed an XSS with series overrides. (bsc#1178243)

influxdb:
- CVE-2019-20933: Fixed an authentication bypass. (bsc#1178988)

python-Jinja2:
- CVE-2019-10906, CVE-2019-8341, CVE-2016-10745: "SandboxedEnvironment" securely handles "str.format_map" in order to prevent code execution through untrusted format strings.
  (bsc#1132323, bsc#1125815, bsc#1132174)

Non-security fixes included in this request:

Changes in crowbar-core.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Update to version 5.0+git.1606840757.839a64745:
  * ntp: Do not use rate-limiting (bsc#1179161)

Changes in crowbar-openstack.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Update to version 5.0+git.1604938523.ded915845:
  * rabbitmq: Fix crm running check (SOC-11240)

Changes in grafana.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Fix bsc#1178243 CVE-2020-24303 by adding 25401-Fix-XSS-vulnerability-with-series-overrides.patch

Changes in influxdb.SUSE_SLE-12-SP3_Update_Products_Cloud8:
- Add CVE-2019-20933.patch (bsc#1178988, CVE-2019-20933) to fix authentication bypass
- Declare license files correctly

Changes in openstack-heat-templates.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version 0.0.0+git.1605509190.64f020b:
  * Fix software config on rdo
  * optimize size and time using --no-cache-dir
  * add template for servers using Octavia
- Update to version 0.0.0+git.1604032742.c5733ee:
  * Move heat-templates-check job to zuul v3

Changes in openstack-nova-doc.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version nova-16.1.9.dev77:
  * Follow up for cherry-pick check for merge patch

Changes in openstack-nova.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- Update to version nova-16.1.9.dev77:
  * Follow up for cherry-pick check for merge patch

Changes in python-Jinja2.SUSE_SLE-12-SP3_Update_Products_Cloud8_Update:
- add 0001-sandbox-str.format_map.patch (bsc#1132323, CVE-2019-10906, bsc#1125815, CVE-2019-8341)
  * "SandboxedEnvironment" securely handles "str.format_map" in order to prevent code execution through untrusted format strings. The sandbox already handled "str.format".
- add 0001-SECURITY-support-sandboxing-in-format-expressions.patch (bsc#1132174, CVE-2016-10745)
- Allows Recommends and Suggest in Fedora
- Recommends only for SUSE

Changes in rubygem-crowbar-client:
- Update to 3.9.3
- Enable restricted commands for Cloud 7 (bsc#1117080, CVE-2018-17954)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
  zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-3896=1

- SUSE OpenStack Cloud 8:
  zypper in -t patch SUSE-OpenStack-Cloud-8-2020-3896=1

- HPE Helion Openstack 8:
  zypper in -t patch HPE-Helion-OpenStack-8-2020-3896=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
  crowbar-openstack-5.0+git.1604938523.ded915845-4.46.1
  openstack-heat-templates-0.0.0+git.1605509190.64f020b-3.18.1
  openstack-nova-16.1.9~dev77-3.42.1
  openstack-nova-api-16.1.9~dev77-3.42.1
  openstack-nova-cells-16.1.9~dev77-3.42.1
  openstack-nova-compute-16.1.9~dev77-3.42.1
  openstack-nova-conductor-16.1.9~dev77-3.42.1
  openstack-nova-console-16.1.9~dev77-3.42.1
  openstack-nova-consoleauth-16.1.9~dev77-3.42.1
  openstack-nova-doc-16.1.9~dev77-3.42.1
  openstack-nova-novncproxy-16.1.9~dev77-3.42.1
  openstack-nova-placement-api-16.1.9~dev77-3.42.1
  openstack-nova-scheduler-16.1.9~dev77-3.42.1
  openstack-nova-serialproxy-16.1.9~dev77-3.42.1
  openstack-nova-vncproxy-16.1.9~dev77-3.42.1
  python-Jinja2-2.9.6-3.3.1
  python-nova-16.1.9~dev77-3.42.1

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
  crowbar-core-5.0+git.1606840757.839a64745-3.47.1
  crowbar-core-branding-upstream-5.0+git.1606840757.839a64745-3.47.1
  grafana-6.7.4-4.15.1
  grafana-debuginfo-6.7.4-4.15.1
  influxdb-1.3.4-4.3.1
  influxdb-debuginfo-1.3.4-4.3.1
  influxdb-debugsource-1.3.4-4.3.1
  ruby2.1-rubygem-crowbar-client-3.9.3-3.15.1

- SUSE OpenStack Cloud 8 (noarch):
  openstack-heat-templates-0.0.0+git.1605509190.64f020b-3.18.1
  openstack-nova-16.1.9~dev77-3.42.1
  openstack-nova-api-16.1.9~dev77-3.42.1
  openstack-nova-cells-16.1.9~dev77-3.42.1
  openstack-nova-compute-16.1.9~dev77-3.42.1
  openstack-nova-conductor-16.1.9~dev77-3.42.1
  openstack-nova-console-16.1.9~dev77-3.42.1
  openstack-nova-consoleauth-16.1.9~dev77-3.42.1
  openstack-nova-doc-16.1.9~dev77-3.42.1
  openstack-nova-novncproxy-16.1.9~dev77-3.42.1
  openstack-nova-placement-api-16.1.9~dev77-3.42.1
  openstack-nova-scheduler-16.1.9~dev77-3.42.1
  openstack-nova-serialproxy-16.1.9~dev77-3.42.1
  openstack-nova-vncproxy-16.1.9~dev77-3.42.1
  python-Jinja2-2.9.6-3.3.1
  python-nova-16.1.9~dev77-3.42.1
  venv-openstack-aodh-x86_64-5.1.1~dev7-12.30.1
  venv-openstack-barbican-x86_64-5.0.2~dev3-12.31.1
  venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.28.1
  venv-openstack-cinder-x86_64-11.2.3~dev29-14.32.1
  venv-openstack-designate-x86_64-5.0.3~dev7-12.29.1
  venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.26.1
  venv-openstack-glance-x86_64-15.0.3~dev3-12.29.1
  venv-openstack-heat-x86_64-9.0.8~dev22-12.31.1
  venv-openstack-ironic-x86_64-9.1.8~dev8-12.31.1
  venv-openstack-keystone-x86_64-12.0.4~dev11-11.32.1
  venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.30.1
  venv-openstack-manila-x86_64-5.1.1~dev5-12.35.1
  venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.26.1
  venv-openstack-monasca-x86_64-2.2.2~dev1-11.26.1
  venv-openstack-murano-x86_64-4.0.2~dev2-12.26.1
  venv-openstack-neutron-x86_64-11.0.9~dev69-13.34.1
  venv-openstack-nova-x86_64-16.1.9~dev77-11.32.1
  venv-openstack-octavia-x86_64-1.0.6~dev3-12.31.1
  venv-openstack-sahara-x86_64-7.0.5~dev4-11.30.1
  venv-openstack-trove-x86_64-8.0.2~dev2-11.30.1

- SUSE OpenStack Cloud 8 (x86_64):
  grafana-6.7.4-4.15.1
  grafana-debuginfo-6.7.4-4.15.1
  influxdb-1.3.4-4.3.1
  influxdb-debuginfo-1.3.4-4.3.1
  influxdb-debugsource-1.3.4-4.3.1

- HPE Helion Openstack 8 (noarch):
  openstack-heat-templates-0.0.0+git.1605509190.64f020b-3.18.1
  openstack-nova-16.1.9~dev77-3.42.1
  openstack-nova-api-16.1.9~dev77-3.42.1
  openstack-nova-cells-16.1.9~dev77-3.42.1
  openstack-nova-compute-16.1.9~dev77-3.42.1
  openstack-nova-conductor-16.1.9~dev77-3.42.1
  openstack-nova-console-16.1.9~dev77-3.42.1
  openstack-nova-consoleauth-16.1.9~dev77-3.42.1
  openstack-nova-doc-16.1.9~dev77-3.42.1
  openstack-nova-novncproxy-16.1.9~dev77-3.42.1
  openstack-nova-placement-api-16.1.9~dev77-3.42.1
  openstack-nova-scheduler-16.1.9~dev77-3.42.1
  openstack-nova-serialproxy-16.1.9~dev77-3.42.1
  openstack-nova-vncproxy-16.1.9~dev77-3.42.1
  python-Jinja2-2.9.6-3.3.1
  python-nova-16.1.9~dev77-3.42.1
  venv-openstack-aodh-x86_64-5.1.1~dev7-12.30.1
  venv-openstack-barbican-x86_64-5.0.2~dev3-12.31.1
  venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.28.1
  venv-openstack-cinder-x86_64-11.2.3~dev29-14.32.1
  venv-openstack-designate-x86_64-5.0.3~dev7-12.29.1
  venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.26.1
  venv-openstack-glance-x86_64-15.0.3~dev3-12.29.1
  venv-openstack-heat-x86_64-9.0.8~dev22-12.31.1
  venv-openstack-ironic-x86_64-9.1.8~dev8-12.31.1
  venv-openstack-keystone-x86_64-12.0.4~dev11-11.32.1
  venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.30.1
  venv-openstack-manila-x86_64-5.1.1~dev5-12.35.1
  venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.26.1
  venv-openstack-monasca-x86_64-2.2.2~dev1-11.26.1
  venv-openstack-murano-x86_64-4.0.2~dev2-12.26.1
  venv-openstack-neutron-x86_64-11.0.9~dev69-13.34.1
  venv-openstack-nova-x86_64-16.1.9~dev77-11.32.1
  venv-openstack-octavia-x86_64-1.0.6~dev3-12.31.1
  venv-openstack-sahara-x86_64-7.0.5~dev4-11.30.1
  venv-openstack-trove-x86_64-8.0.2~dev2-11.30.1

- HPE Helion Openstack 8 (x86_64):
  grafana-6.7.4-4.15.1
  grafana-debuginfo-6.7.4-4.15.1
  influxdb-1.3.4-4.3.1
  influxdb-debuginfo-1.3.4-4.3.1
  influxdb-debugsource-1.3.4-4.3.1

References:
  https://www.suse.com/security/cve/CVE-2016-10745.html
  https://www.suse.com/security/cve/CVE-2018-17954.html
  https://www.suse.com/security/cve/CVE-2019-10906.html
  https://www.suse.com/security/cve/CVE-2019-20933.html
  https://www.suse.com/security/cve/CVE-2019-8341.html
  https://www.suse.com/security/cve/CVE-2020-24303.html
  https://bugzilla.suse.com/1117080
  https://bugzilla.suse.com/1125815
  https://bugzilla.suse.com/1132174
  https://bugzilla.suse.com/1132323
  https://bugzilla.suse.com/1178243
  https://bugzilla.suse.com/1178988
  https://bugzilla.suse.com/1179161

A significant patch addresses various problems in crowbar-core, grafana, and influxdb within the SUSE OpenStack Cloud 8 environment.

SUSE OpenStack Security, Grafana Update, InfluxDB Fix

Severity: Important

LinuxSecurity.com Team
An issue has been found in influxdb, a scalable datastore for metrics, events, and real-time analytics. By using a JWT token with an empty shared secret, one is able to bypass

-------------------------------------------------------------------------
Debian LTS Advisory DLA-2501-1
An update that fixes 5 vulnerabilities, contains one feature is now available.

SUSE Security Update: Security update for crowbar-openstack, grafana, influxdb, python-urllib3
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:3624-1
Rating:             moderate
References:         #1005886 #1170479 #1177120 #1178243 #1178988 SOC-11240
Cross-References:   CVE-2016-8611 CVE-2019-20933 CVE-2019-9740 CVE-2020-24303 CVE-2020-26137

Affected Products:
  SUSE OpenStack Cloud 7
______________________________________________________________________________

An update that fixes 5 vulnerabilities, contains one feature is now available.

Description:

This update for crowbar-openstack, grafana, influxdb, python-urllib3 contains the following fixes:

Security fixes included in this update:

openstack-glance
- CVE-2016-8611: Added rate limiting for glance api (bnc#1005886)

grafana
- CVE-2020-24303: Fixed an XSS via a query alias for the ElasticSearch datasource (bnc#1178243)

influxdb
- CVE-2019-20933: Fixed an authentication bypass (bnc#1178988)

python-urllib3
- CVE-2019-9740: Fixed a CRLF injection in urllib3 (bnc#1129071).
- CVE-2020-26137: Fixed a CRLF injection via HTTP request method (bnc#1177120)

memcached
- CVE-2018-1000115: Fixed an issue where a UDP server allowed spoofed traffic amplification DoS (bnc#1083903).

Non-security fixes included in this update:

Changes in crowbar-openstack:
- Update to version 4.0+git.1604938545.30c10db18:
  * rabbitmq: Fix crm running check (SOC-11240)

Changes in grafana:
- Fix bnc#1178243 CVE-2020-24303 by adding 25401-Fix-XSS-vulnerability-with-series-overrides.patch

Changes in influxdb:
- Add CVE-2019-20933.patch (bnc#1178988, CVE-2019-20933) to fix authentication bypass
- Declare license files correctly
- Version 1.2.4:
  * The stress tool influx_stress will be removed in a subsequent release.
  * Remove the override of GOMAXPROCS.
  * Uncomment section headers from the default configuration file.
  * Improve write performance significantly.
  * Prune data in meta store for deleted shards.
  * Update latest dependencies with Godeps.
  * Introduce syntax for marking a partial response with chunking.
  * Use X-Forwarded-For IP address in HTTP logger if present.
  * Add support for secure transmission via collectd.
  * Switch logging to use structured logging everywhere.
  * [CLI feature request] USE retention policy for queries.
  * Add clear command to cli.
  * Adding ability to use parameters in queries in the v2 client using the Parameters map in the Query struct.
  * Allow add items to array config via ENV
  * Support subquery execution in the query language.
  * Verbose output for SSL connection errors.
  * Cache snapshotting performance improvements
- Partially revert previous change to fix build for Leap

Changes in python-urllib3:
- Update urllib3-fix-test-urls.patch. Adjust to match upstream solution.
- Add urllib3-fix-test-urls.patch. Fix tests failing on python checks for CVE-2019-9740.
- Add urllib3-cve-2020-26137.patch. Don't allow control chars in request method. (bnc#1177120, CVE-2020-26137)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
  zypper in -t patch SUSE-OpenStack-Cloud-7-2020-3624=1

Package List:

- SUSE OpenStack Cloud 7 (x86_64):
  grafana-6.7.4-1.20.1
  influxdb-1.2.4-5.1
  influxdb-debuginfo-1.2.4-5.1

- SUSE OpenStack Cloud 7 (noarch):
  crowbar-openstack-4.0+git.1604938545.30c10db18-9.77.1
  python-urllib3-1.16-3.12.1

References:
  https://www.suse.com/security/cve/CVE-2016-8611.html
  https://www.suse.com/security/cve/CVE-2019-20933.html
  https://www.suse.com/security/cve/CVE-2019-9740.html
  https://www.suse.com/security/cve/CVE-2020-24303.html
  https://www.suse.com/security/cve/CVE-2020-26137.html
  https://bugzilla.suse.com/1005886
  https://bugzilla.suse.com/1170479
  https://bugzilla.suse.com/1177120
  https://bugzilla.suse.com/1178243
  https://bugzilla.suse.com/1178988

SUSE has released a security update addressing 5 vulnerabilities in crowbar-openstack, grafana, influxdb, and python-urllib3, while also introducing enhancements.

SUSE Security Update, Crowbar OpenStack, Grafana Fixes, InfluxDB Update, Python-urllib3 Patch

LinuxSecurity.com Team