
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE: 2022:0355-1 Important: Elasticsearch And Kafka Security Fixes

An update that fixes four vulnerabilities is now available.

SUSE Security Update: Security update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:0355-1
Rating: important
References: #1193662 #1194842 #1194843 #1194844
Cross-References: CVE-2021-4104 CVE-2022-23302 CVE-2022-23305 CVE-2022-23307
CVSS scores:
  CVE-2021-4104 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23302 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23302 (SUSE): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23305 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23305 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
  CVE-2022-23307 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  HPE Helion Openstack 8
  SUSE OpenStack Cloud 8
  SUSE OpenStack Cloud Crowbar 8
______________________________________________________________________________

Description:

This update for elasticsearch, elasticsearch-kit, kafka, kafka-kit, logstash, openstack-monasca-agent, openstack-monasca-log-metrics, openstack-monasca-log-persister, openstack-monasca-log-transformer, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-monasca-thresh, openstack-monasca-thresh-kit, spark, spark-kit, venv-openstack-monasca, zookeeper, zookeeper-kit fixes the following issues:

- CVE-2021-4104: Fixed remote code execution through JMS API via the ldap JNDI parser (bsc#1193662).
- CVE-2022-23302: Fixed remote code execution in Log4j 1.x when application is configured to use JMSSink (bsc#1194842).
- CVE-2022-23305: Fixed SQL injection in Log4j 1.x when application is configured to use JDBCAppender (bsc#1194843).
- CVE-2022-23307: Fixed deserialization flaw in the Chainsaw component of Log4j 1 that could lead to malicious code execution (bsc#1194844).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2022-355=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2022-355=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2022-355=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
    elasticsearch-2.4.2-5.6.1
    openstack-monasca-agent-2.2.6~dev4-3.27.1
    openstack-monasca-log-metrics-0.0.1-3.3.1
    openstack-monasca-log-persister-0.0.1-5.3.1
    openstack-monasca-log-transformer-0.0.1-4.3.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1
    openstack-monasca-thresh-2.1.1-4.6.1
    python-monasca-agent-2.2.6~dev4-3.27.1
    spark-1.6.3-8.12.1
    zookeeper-server-3.4.10-3.15.1

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    kafka-0.10.2.2-5.12.1
    logstash-2.4.1-5.10.1
    storm-1.2.3-3.11.2
    storm-nimbus-1.2.3-3.11.2
    storm-supervisor-1.2.3-3.11.2

- SUSE OpenStack Cloud 8 (noarch):
    elasticsearch-2.4.2-5.6.1
    openstack-monasca-agent-2.2.6~dev4-3.27.1
    openstack-monasca-log-metrics-0.0.1-3.3.1
    openstack-monasca-log-persister-0.0.1-5.3.1
    openstack-monasca-log-transformer-0.0.1-4.3.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1
    openstack-monasca-thresh-2.1.1-4.6.1
    python-monasca-agent-2.2.6~dev4-3.27.1
    spark-1.6.3-8.12.1
    venv-openstack-aodh-x86_64-5.1.1~dev7-12.40.1
    venv-openstack-barbican-x86_64-5.0.2~dev3-12.41.1
    venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.38.1
    venv-openstack-cinder-x86_64-11.2.3~dev29-14.42.1
    venv-openstack-designate-x86_64-5.0.3~dev7-12.39.1
    venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.36.1
    venv-openstack-glance-x86_64-15.0.3~dev3-12.39.1
    venv-openstack-heat-x86_64-9.0.8~dev22-12.43.1
    venv-openstack-horizon-x86_64-12.0.5~dev6-14.46.1
    venv-openstack-ironic-x86_64-9.1.8~dev8-12.41.1
    venv-openstack-keystone-x86_64-12.0.4~dev11-11.43.1
    venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.40.1
    venv-openstack-manila-x86_64-5.1.1~dev5-12.45.1
    venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.36.1
    venv-openstack-monasca-x86_64-2.2.2~dev1-11.43.1
    venv-openstack-murano-x86_64-4.0.2~dev2-12.36.1
    venv-openstack-neutron-x86_64-11.0.9~dev69-13.46.1
    venv-openstack-nova-x86_64-16.1.9~dev92-11.44.1
    venv-openstack-octavia-x86_64-1.0.6~dev3-12.41.1
    venv-openstack-sahara-x86_64-7.0.5~dev4-11.40.1
    venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.31.1
    venv-openstack-trove-x86_64-8.0.2~dev2-11.40.1
    zookeeper-server-3.4.10-3.15.1

- SUSE OpenStack Cloud 8 (x86_64):
    kafka-0.10.2.2-5.12.1
    logstash-2.4.1-5.10.1
    storm-1.2.3-3.11.2
    storm-nimbus-1.2.3-3.11.2
    storm-supervisor-1.2.3-3.11.2

- HPE Helion Openstack 8 (noarch):
    elasticsearch-2.4.2-5.6.1
    openstack-monasca-agent-2.2.6~dev4-3.27.1
    openstack-monasca-log-metrics-0.0.1-3.3.1
    openstack-monasca-log-persister-0.0.1-5.3.1
    openstack-monasca-log-transformer-0.0.1-4.3.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.9.1
    openstack-monasca-thresh-2.1.1-4.6.1
    python-monasca-agent-2.2.6~dev4-3.27.1
    spark-1.6.3-8.12.1
    venv-openstack-aodh-x86_64-5.1.1~dev7-12.40.1
    venv-openstack-barbican-x86_64-5.0.2~dev3-12.41.1
    venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.38.1
    venv-openstack-cinder-x86_64-11.2.3~dev29-14.42.1
    venv-openstack-designate-x86_64-5.0.3~dev7-12.39.1
    venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.36.1
    venv-openstack-glance-x86_64-15.0.3~dev3-12.39.1
    venv-openstack-heat-x86_64-9.0.8~dev22-12.43.1
    venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.46.1
    venv-openstack-ironic-x86_64-9.1.8~dev8-12.41.1
    venv-openstack-keystone-x86_64-12.0.4~dev11-11.43.1
    venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.40.1
    venv-openstack-manila-x86_64-5.1.1~dev5-12.45.1
    venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.36.1
    venv-openstack-monasca-x86_64-2.2.2~dev1-11.43.1
    venv-openstack-murano-x86_64-4.0.2~dev2-12.36.1
    venv-openstack-neutron-x86_64-11.0.9~dev69-13.46.1
    venv-openstack-nova-x86_64-16.1.9~dev92-11.44.1
    venv-openstack-octavia-x86_64-1.0.6~dev3-12.41.1
    venv-openstack-sahara-x86_64-7.0.5~dev4-11.40.1
    venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.31.1
    venv-openstack-trove-x86_64-8.0.2~dev2-11.40.1
    zookeeper-server-3.4.10-3.15.1

- HPE Helion Openstack 8 (x86_64):
    kafka-0.10.2.2-5.12.1
    logstash-2.4.1-5.10.1
    storm-1.2.3-3.11.2
    storm-nimbus-1.2.3-3.11.2
    storm-supervisor-1.2.3-3.11.2

References:

  https://www.suse.com/security/cve/CVE-2021-4104.html
  https://www.suse.com/security/cve/CVE-2022-23302.html
  https://www.suse.com/security/cve/CVE-2022-23305.html
  https://www.suse.com/security/cve/CVE-2022-23307.html
  https://bugzilla.suse.com/1193662
  https://bugzilla.suse.com/1194842
  https://bugzilla.suse.com/1194843
  https://bugzilla.suse.com/1194844

Keep your SUSE systems secure and efficient by updating Elasticsearch, Kafka, and Logstash to fix critical vulnerabilities with these detailed instructions.

SUSE Security Update, Elasticsearch Patch, Kafka Vulnerabilities, Logstash Fix.

Severity: Important.

LinuxSecurity.com Team

Feb 09, 2022 | Important | SuSE

SUSE: 2021:4211-1 Critical: Elasticsearch Remote Code Execution

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for logstash
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:4190-1
Rating: important
References: #1193662
Cross-References: CVE-2021-4104
CVSS scores:
  CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  HPE Helion Openstack 8
______________________________________________________________________________

Description:

This update for logstash fixes the following issues:

Fixed vulnerability related to log4j version 1.2.x

- CVE-2021-4104: Fixed remote code execution through the JMS API via the ldap JNDI parser (bsc#1193662)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2021-4190=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2021-4190=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2021-4190=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    kafka-0.10.2.2-5.9.1
    logstash-2.4.1-5.7.1

- SUSE OpenStack Cloud Crowbar 8 (noarch):
    elasticsearch-2.4.2-5.3.1
    openstack-monasca-agent-2.2.6~dev4-3.21.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.6.1
    openstack-monasca-thresh-2.1.1-4.3.1
    python-monasca-agent-2.2.6~dev4-3.21.1
    zookeeper-server-3.4.10-3.9.1

- SUSE OpenStack Cloud 8 (noarch):
    elasticsearch-2.4.2-5.3.1
    openstack-monasca-agent-2.2.6~dev4-3.21.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.6.1
    openstack-monasca-thresh-2.1.1-4.3.1
    python-monasca-agent-2.2.6~dev4-3.21.1
    venv-openstack-aodh-x86_64-5.1.1~dev7-12.34.1
    venv-openstack-barbican-x86_64-5.0.2~dev3-12.35.1
    venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.32.1
    venv-openstack-cinder-x86_64-11.2.3~dev29-14.36.1
    venv-openstack-designate-x86_64-5.0.3~dev7-12.33.1
    venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.30.1
    venv-openstack-glance-x86_64-15.0.3~dev3-12.33.1
    venv-openstack-heat-x86_64-9.0.8~dev22-12.37.1
    venv-openstack-horizon-x86_64-12.0.5~dev6-14.40.1
    venv-openstack-ironic-x86_64-9.1.8~dev8-12.35.1
    venv-openstack-keystone-x86_64-12.0.4~dev11-11.37.1
    venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.34.1
    venv-openstack-manila-x86_64-5.1.1~dev5-12.39.1
    venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.30.1
    venv-openstack-monasca-x86_64-2.2.2~dev1-11.34.1
    venv-openstack-murano-x86_64-4.0.2~dev2-12.30.1
    venv-openstack-neutron-x86_64-11.0.9~dev69-13.40.1
    venv-openstack-nova-x86_64-16.1.9~dev92-11.38.1
    venv-openstack-octavia-x86_64-1.0.6~dev3-12.35.1
    venv-openstack-sahara-x86_64-7.0.5~dev4-11.34.1
    venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.25.1
    venv-openstack-trove-x86_64-8.0.2~dev2-11.34.1
    zookeeper-server-3.4.10-3.9.1

- SUSE OpenStack Cloud 8 (x86_64):
    kafka-0.10.2.2-5.9.1
    logstash-2.4.1-5.7.1

- HPE Helion Openstack 8 (x86_64):
    kafka-0.10.2.2-5.9.1
    logstash-2.4.1-5.7.1

- HPE Helion Openstack 8 (noarch):
    elasticsearch-2.4.2-5.3.1
    openstack-monasca-agent-2.2.6~dev4-3.21.1
    openstack-monasca-persister-java-1.7.1~a0~dev2-3.6.1
    openstack-monasca-thresh-2.1.1-4.3.1
    python-monasca-agent-2.2.6~dev4-3.21.1
    venv-openstack-aodh-x86_64-5.1.1~dev7-12.34.1
    venv-openstack-barbican-x86_64-5.0.2~dev3-12.35.1
    venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.32.1
    venv-openstack-cinder-x86_64-11.2.3~dev29-14.36.1
    venv-openstack-designate-x86_64-5.0.3~dev7-12.33.1
    venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.30.1
    venv-openstack-glance-x86_64-15.0.3~dev3-12.33.1
    venv-openstack-heat-x86_64-9.0.8~dev22-12.37.1
    venv-openstack-horizon-hpe-x86_64-12.0.5~dev6-14.40.1
    venv-openstack-ironic-x86_64-9.1.8~dev8-12.35.1
    venv-openstack-keystone-x86_64-12.0.4~dev11-11.37.1
    venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.34.1
    venv-openstack-manila-x86_64-5.1.1~dev5-12.39.1
    venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.30.1
    venv-openstack-monasca-x86_64-2.2.2~dev1-11.34.1
    venv-openstack-murano-x86_64-4.0.2~dev2-12.30.1
    venv-openstack-neutron-x86_64-11.0.9~dev69-13.40.1
    venv-openstack-nova-x86_64-16.1.9~dev92-11.38.1
    venv-openstack-octavia-x86_64-1.0.6~dev3-12.35.1
    venv-openstack-sahara-x86_64-7.0.5~dev4-11.34.1
    venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.25.1
    venv-openstack-trove-x86_64-8.0.2~dev2-11.34.1
    zookeeper-server-3.4.10-3.9.1

References:

  https://www.suse.com/security/cve/CVE-2021-4104.html
  https://bugzilla.suse.com/1193662

Addresses significant remote command execution vulnerability in logstash for SUSE OpenStack Cloud through crucial security patch.

SUSE OpenStack Security Update, Logstash Remote Code Execution, Patch Instructions.

Severity: Important.

LinuxSecurity.com Team

Dec 24, 2021 | Important | SuSE

SUSE: 2021:4160-1 Important: Logstash and Elasticsearch Remote Code Exploit

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh
______________________________________________________________________________

Announcement ID: SUSE-SU-2021:4160-1
Rating: important
References: #1193662
Cross-References: CVE-2021-4104
CVSS scores:
  CVE-2021-4104 (SUSE): 6.4 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products:
  SUSE OpenStack Cloud Crowbar 9
  SUSE OpenStack Cloud 9
______________________________________________________________________________

Description:

This update for logstash, elasticsearch, kafka, zookeeper, openstack-monasca-agent, openstack-monasca-persister-java, openstack-monasca-thresh fixes the following issues:

Fixed vulnerability related to log4j version 1.2.x:

- CVE-2021-4104: Fixed remote code execution through the JMS API via the ldap JNDI parser (bsc#1193662)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 9:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2021-4160=1
- SUSE OpenStack Cloud 9:
    zypper in -t patch SUSE-OpenStack-Cloud-9-2021-4160=1

Package List:

- SUSE OpenStack Cloud Crowbar 9 (noarch):
    elasticsearch-2.4.2-6.3.1
    openstack-monasca-agent-2.8.2~dev5-3.12.1
    openstack-monasca-persister-java-1.12.1~dev9-12.2
    openstack-monasca-thresh-2.1.1-5.3.1
    python-monasca-agent-2.8.2~dev5-3.12.1
    zookeeper-server-3.4.13-3.6.1

- SUSE OpenStack Cloud Crowbar 9 (x86_64):
    kafka-0.10.2.2-3.2.1
    logstash-2.4.1-7.3.1

- SUSE OpenStack Cloud 9 (x86_64):
    kafka-0.10.2.2-3.2.1
    logstash-2.4.1-7.3.1

- SUSE OpenStack Cloud 9 (noarch):
    elasticsearch-2.4.2-6.3.1
    openstack-monasca-agent-2.8.2~dev5-3.12.1
    openstack-monasca-persister-java-1.12.1~dev9-12.2
    openstack-monasca-thresh-2.1.1-5.3.1
    python-monasca-agent-2.8.2~dev5-3.12.1
    venv-openstack-barbican-x86_64-7.0.1~dev24-3.27.1
    venv-openstack-cinder-x86_64-13.0.10~dev23-3.30.1
    venv-openstack-designate-x86_64-7.0.2~dev2-3.27.1
    venv-openstack-glance-x86_64-17.0.1~dev30-3.25.1
    venv-openstack-heat-x86_64-11.0.4~dev4-3.27.1
    venv-openstack-horizon-x86_64-14.1.1~dev11-4.31.1
    venv-openstack-ironic-x86_64-11.1.5~dev17-4.25.1
    venv-openstack-keystone-x86_64-14.2.1~dev7-3.28.1
    venv-openstack-magnum-x86_64-7.2.1~dev1-4.27.1
    venv-openstack-manila-x86_64-7.4.2~dev60-3.33.1
    venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.27.1
    venv-openstack-monasca-x86_64-2.7.1~dev10-3.27.1
    venv-openstack-neutron-x86_64-13.0.8~dev164-6.31.1
    venv-openstack-nova-x86_64-18.3.1~dev91-3.31.1
    venv-openstack-octavia-x86_64-3.2.3~dev7-4.27.1
    venv-openstack-sahara-x86_64-9.0.2~dev15-3.27.1
    venv-openstack-swift-x86_64-2.19.2~dev48-2.22.1
    zookeeper-server-3.4.13-3.6.1

References:

  https://www.suse.com/security/cve/CVE-2021-4104.html
  https://bugzilla.suse.com/1193662

SUSE has released a security update that rectifies critical weaknesses in components like logstash and elasticsearch, significantly fortifying the overall security posture.

Logstash Update, Elasticsearch Security, Remote Code Exploit.

Severity: Important.

LinuxSecurity.com Team

Dec 22, 2021 | Important | SuSE

Arch Linux 6.6.1-1 Advisory: Logstash High Severity Info Disclosure

The package logstash before version 6.6.1-1 is vulnerable to information disclosure.

Arch Linux Security Advisory ASA-201902-28
==========================================

Severity: High
Date    : 2019-02-25
CVE-ID  : CVE-2019-7612
Package : logstash
Type    : information disclosure
Remote  : No
Link    : https://security.archlinux.org/AVG-913

Summary
=======

The package logstash before version 6.6.1-1 is vulnerable to information disclosure.

Resolution
==========

Upgrade to 6.6.1-1.

# pacman -Syu "logstash>=6.6.1-1"

The problem has been fixed upstream in version 6.6.1.

Workaround
==========

None.

Description
===========

A sensitive data disclosure flaw was found in the way Logstash logs malformed URLs. If a malformed URL is specified as part of the Logstash configuration, the credentials for the URL could be inadvertently logged as part of the error message.

Impact
======

A local attacker is able to obtain URL credentials by reading the error log.

References
==========

https://discuss.elastic.co/t/elastic-stack-6-6-1-and-5-6-15-security-update/169077
https://security.archlinux.org/CVE-2019-7612

Arch Linux Security Advisory ASA-202204-15: elasticsearch vulnerability permits unauthorized access to sensitive data. Immediate update advised.

Logstash Information Disclosure, Arch Linux Security, Data Leak Mitigation.

LinuxSecurity.com Team

Feb 26, 2019 | ArchLinux

SUSE: 2018:2536-1 Moderate: Grafana, Kafka, Logstash Security Fixes

An update that solves three vulnerabilities and has 5 fixes is now available.

SUSE Security Update: Security update for grafana, kafka, logstash and monasca-installer
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2536-1
Rating: moderate
References: #1086909 #1090192 #1090343 #1090849 #1094448 #1095603 #1096985 #1102920
Cross-References: CVE-2018-12099 CVE-2018-1288 CVE-2018-3817
Affected Products:
  SUSE OpenStack Cloud 7
______________________________________________________________________________

Description:

This update for grafana, kafka, logstash and monasca-installer fixes the following issues:

The following security issues have been fixed:

grafana:
- CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in dashboard links. (bsc#1096985)

kafka:
- CVE-2018-1288: Authenticated Kafka users may perform action reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. (bsc#1102920)

logstash:
- CVE-2018-3817: Fix potential leak of sensitive data when logging warnings about deprecated options. (bsc#1090849)

Additionally, the following non-security issues have been fixed:

monasca-installer:
- Add complete set of elasticsearch performance tunables.
- Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343)
- Fix bad elasticsearch-curator configuration. (bsc#1090192)
- Enable bootstrap.memory_lock for Elasticsearch. (bsc#1090343)

logstash:
- Declare Gemfile as config to prevent loss of installed plugins when updating.
- Stop installing prebuilt jruby for non-x86.

kafka:
- Update to version 0.10.2.2 (bsc#1102920, CVE-2018-1288)
- Add noreplace directive for /etc/kafka/server.properties.
- Reduce package ownership of tmpfiles.d to bare minimum. (SLE12 SP2)
- Set log rotation options. (bsc#1094448)
- Disable jmxremote debugging. (bsc#1095603)
- Increase open file limits. (bsc#1086909)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud 7:
    zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1771=1

Package List:

- SUSE OpenStack Cloud 7 (x86_64):
    grafana-4.5.1-1.8.1
    kafka-0.10.2.2-5.1
    logstash-2.4.1-5.1

- SUSE OpenStack Cloud 7 (noarch):
    monasca-installer-20180608_12.47-9.1

References:

  https://www.suse.com/security/cve/CVE-2018-12099.html
  https://www.suse.com/security/cve/CVE-2018-1288.html
  https://www.suse.com/security/cve/CVE-2018-3817.html
  https://bugzilla.suse.com/1086909
  https://bugzilla.suse.com/1090192
  https://bugzilla.suse.com/1090343
  https://bugzilla.suse.com/1090849
  https://bugzilla.suse.com/1094448
  https://bugzilla.suse.com/1095603
  https://bugzilla.suse.com/1096985
  https://bugzilla.suse.com/1102920

SUSE security update resolves critical issues in grafana, kafka, logstash, and monasca-installer software.

SUSE Update, Grafana Security, Kafka Issues, Logstash Fixes.

LinuxSecurity.com Team

Aug 28, 2018 | SuSE

SUSE: 2018:2317-1 Moderate: Multiple Security Issues Resolved

An update that solves two vulnerabilities and has 5 fixes is now available.

SUSE Security Update: Security update for grafana, kafka, logstash, openstack-monasca-installer
______________________________________________________________________________

Announcement ID: SUSE-SU-2018:2317-1
Rating: moderate
References: #1090336 #1090849 #1094448 #1095603 #1096985 #1097847 #1101366
Cross-References: CVE-2018-12099 CVE-2018-3817
Affected Products:
  SUSE OpenStack Cloud Crowbar 8
  SUSE OpenStack Cloud 8
  HPE Helion Openstack 8
______________________________________________________________________________

Description:

This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues:

Security issues fixed:

- CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links (bsc#1096985).
- CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information (bsc#1090849).

Bug fixes:

- bsc#1095603: Disable jmxremote debugging.
- bsc#1097847: Make time series database schema setup conditional.
- bsc#1094448: Set log rotation options.
- bsc#1090336: Add complete set of elasticsearch performance tunables.
- bsc#1101366: Fix build issues with s390x, ppc64le and aarch64.
- Fix various spec errors affecting Leap 15 and Tumbleweed

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE OpenStack Cloud Crowbar 8:
    zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1553=1
- SUSE OpenStack Cloud 8:
    zypper in -t patch SUSE-OpenStack-Cloud-8-2018-1553=1
- HPE Helion Openstack 8:
    zypper in -t patch HPE-Helion-OpenStack-8-2018-1553=1

Package List:

- SUSE OpenStack Cloud Crowbar 8 (noarch):
    openstack-monasca-installer-20180622_15.06-3.6.1

- SUSE OpenStack Cloud Crowbar 8 (x86_64):
    grafana-4.5.1-4.3.1
    grafana-debuginfo-4.5.1-4.3.1
    grafana-debugsource-4.5.1-4.3.1
    kafka-0.9.0.1-5.3.1
    logstash-2.4.1-5.4.1

- SUSE OpenStack Cloud 8 (noarch):
    openstack-monasca-installer-20180622_15.06-3.6.1

- SUSE OpenStack Cloud 8 (x86_64):
    grafana-4.5.1-4.3.1
    grafana-debuginfo-4.5.1-4.3.1
    grafana-debugsource-4.5.1-4.3.1
    kafka-0.9.0.1-5.3.1
    logstash-2.4.1-5.4.1

- HPE Helion Openstack 8 (noarch):
    openstack-monasca-installer-20180622_15.06-3.6.1

- HPE Helion Openstack 8 (x86_64):
    grafana-4.5.1-4.3.1
    grafana-debuginfo-4.5.1-4.3.1
    grafana-debugsource-4.5.1-4.3.1
    kafka-0.9.0.1-5.3.1
    logstash-2.4.1-5.4.1

References:

  https://www.suse.com/security/cve/CVE-2018-12099.html
  https://www.suse.com/security/cve/CVE-2018-3817.html
  https://bugzilla.suse.com/1090336
  https://bugzilla.suse.com/1090849
  https://bugzilla.suse.com/1094448
  https://bugzilla.suse.com/1095603
  https://bugzilla.suse.com/1096985
  https://bugzilla.suse.com/1097847
  https://bugzilla.suse.com/1101366

The SUSE Security Update resolves various vulnerabilities affecting grafana, kafka, logstash, and openstack-monasca-installer.

SUSE OpenStack, Grafana Security, Kafka Update, Logstash Fix, OpenStack Installer.

LinuxSecurity.com Team

Aug 14, 2018 | SuSE