Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -4 articles for you...
217
security advisorycriticalgrafanaOracle Linux 8 ELSA-2022-5717 Critical: Grafana OAuth Account Takeover
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-5717 https://linux.oracle.com/errata/ELSA-2022-5717.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: grafana-7.5.11-3.el8_6.x86_64.rpm aarch64: grafana-7.5.11-3.el8_6.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol8/SRPMS-updates/grafana-7.5.11-3.el8_6.src.rpm Related CVEs: CVE-2022-31107 Description of changes: [7.5.11-3] - resolve CVE-2022-31107 grafana: OAuth account takeover _______________________________________________ El-errata mailing list
Jul 27, 2022
•Critical
Oracle
98
security advisoryupdatered hatRed Hat Enterprise Linux 8 RHSA-2022-5718-01 Critical: OAuth Issue
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: grafana security update Advisory ID: RHSA-2022:5718-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5718 Issue date: 2022-07-26 CVE Names: CVE-2022-31107 ==================================================================== 1. Summary: An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream EUS (v.8.4) - aarch64, ppc64le, s390x, x86_64 3. Description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: OAuth account takeover (CVE-2022-31107) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2104367 - CVE-2022-31107 grafana: OAuth account takeover 6. Package List: Red Hat Enterprise Linux AppStream EUS(v.8.4): Source: grafana-7.3.6-5.el8_4.src.rpm aarch64: grafana-7.3.6-5.el8_4.aarch64.rpm grafana-debuginfo-7.3.6-5.el8_4.aarch64.rpm ppc64le: grafana-7.3.6-5.el8_4.ppc64le.rpm grafana-debuginfo-7.3.6-5.el8_4.ppc64le.rpm s390x: grafana-7.3.6-5.el8_4.s390x.rpm grafana-debuginfo-7.3.6-5.el8_4.s390x.rpm x86_64: grafana-7.3.6-5.el8_4.x86_64.rpm grafana-debuginfo-7.3.6-5.el8_4.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-31107 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuFjz9zjgjWX9erEAQiR/Q/+MvAeGRr9zpOmP6dW0prqWnHUzcIgTyfA MdGsfAu2PACuEEGC6i8BGN/0fJmYNIkW7sAnUBKApfkIrEPNz1dyb7yN8jh3v9ld AbaFsLs94UXUEoYVofAk/UKSv6EpPRqPN0qGNTlhOu3SImoWo7XpdMdHpvS7v7kL 3ChC2ANxXk6lyKiHKQeYi95eAxZMFv9EYW5MxJrn6U43wR7C9QFwq+oEXHbZ7VGB DW4vLtxOvxUeLyFXLaR5bn51A/uEVdQfgcF4vzfNbde4UahTIzKr9nAK2NhU0qAl 5Qr6uiyaihgwBhhN+5khEiNAxdjhWyGWoB9xvYOjXgl2rhG+cB7zSFUd70w0BNjl nPGDjQ8QhMm7AopA/RE8UTDlriqfwtUuzKlRTnbLOnJ3G8AWMDX5uRU1Z7D/s2nN Q7+l7rAOBUmhFt7i9fTwr5BjTbIJCptm+C4X5y3DEOnAqJsa2vW1pSlFRiK5U5NB udAURq+yl8yhO0Jku3PtaHc5qjx6J9Qj9/MiGr3RoFiFOK1Qmo3Lr9CneQ1t5ZyI 8age5JpSy8XsvZblF/bqm0Dz/7a+yUN/MrDgZFh5VJE5KpqV2JyzNDK5Mvdv3FtN XBXPltOuIjy5sdSErFFyfG81i+eFMvhEogjj57JkG7nbTkReaH9FDh3eg9tfnqrY feVwq9+bIKk=ZIpt -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 27, 2022
•Important
Red Hat
217
security advisorycriticalsoftware updateOracle Linux 9 ELSA-2022-5716: Grafana OAuth Account Takeover Fix
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: . Oracle Linux Security Advisory ELSA-2022-5716 https://linux.oracle.com/errata/ELSA-2022-5716.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: grafana-7.5.11-5.el9_0.x86_64.rpm aarch64: grafana-7.5.11-5.el9_0.aarch64.rpm SRPMS: https://oss.oracle.com:443/ol9/SRPMS-updates/grafana-7.5.11-5.el9_0.src.rpm Related CVEs: CVE-2022-31107 Description of changes: [7.5.11-5] - resolve CVE-2022-31107 grafana: OAuth account takeover _______________________________________________ El-errata mailing list
Jul 27, 2022
•Important
Oracle
98
security advisoryimportantsecurity impactRed Hat Enterprise Linux 8 RHSA-2022:5717-01 Important OAuth Fix
An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Important: grafana security update Advisory ID: RHSA-2022:5717-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2022:5717 Issue date: 2022-07-26 CVE Names: CVE-2022-31107 ==================================================================== 1. Summary: An update for grafana is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: OAuth account takeover (CVE-2022-31107) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 2104367 - CVE-2022-31107 grafana: OAuth account takeover 6. Package List: Red Hat Enterprise Linux AppStream (v.8): Source: grafana-7.5.11-3.el8_6.src.rpm aarch64: grafana-7.5.11-3.el8_6.aarch64.rpm grafana-debuginfo-7.5.11-3.el8_6.aarch64.rpm ppc64le: grafana-7.5.11-3.el8_6.ppc64le.rpm grafana-debuginfo-7.5.11-3.el8_6.ppc64le.rpm s390x: grafana-7.5.11-3.el8_6.s390x.rpm grafana-debuginfo-7.5.11-3.el8_6.s390x.rpm x86_64: grafana-7.5.11-3.el8_6.x86_64.rpm grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2022-31107 https://access.redhat.com/security/updates/classification#important 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2022 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYuAeoNzjgjWX9erEAQizoQ/+ONabfmKlX0xTg/9wkoBe1tcYg9xkXCYc 4ftLJwqAjeRi+gNX1jEkisonRwvfej79t8r8RH2aSqXyAdrSLmrz9HvaArP/nUuk Qk2aLcB1qQQm9/p5zirocUBwiG9K19DOlC6IjWWSp/qkY2WDgpAk2NhgGum5k5S4 GrA+HyThXiwy5718Z2xuaNbBRuqY/6tLDhKkJTtjNP8RtJMZQIUaZMi8HupW+CTr HV1844EfYrxgJkJpOBBWdAgRSqcXCLTefC8nR9GfVwNdJPk1yBbas3i2j0hlQ4Bn DU5tpmTHpusaPgs8M5H2JY6YZy/3ajvVFwpX5Psoe2PDgHAB84jC+/Kz/ApU0H0k csUg55s4EOXgHr2gsR/vp2eqAa8tdliN8q8ymYn8hTwerYhR2qAxhoO7jlncb9B3 fZAFUzrcdid/kWNsIdsqlmyeqPPpcBHVoqvVkBa4pTMUxwMgvOKt3VEwFhYnS3jb /vGC02XAokuxEbl4kg/tXMsoxr8OFanRs88qWjmvQ9pK/dXLICexIoLZW2aYP1Lk ieDB2rGKV6BH053oJCUa93fvYb4RtDS+50M8BLUM49reeBPctNsX/Pn8Iwkyxryo G2pZKxs9FwV/eqyUvRi+GlsgQXb59889T47/Q2MtfG8R36N1n8XRtfUrBA2L3k1P 04kRVtbm36s=T2F5 -----END PGP SIGNATURE----- -- RHSA-announce mailing list
Jul 26, 2022
•Important
Red Hat
89
security advisoryFedoramemory corruptionFedora 20: 2015-4554 Moderate: Rest OAuth Memory Corruption
CVE-2015-2675 rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url. -------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2015-4554 2015-03-26 16:38:36 -------------------------------------------------------------------------------- Name : rest Product : Fedora 20 Version : 0.7.93 Release : 1.fc20 URL : https://www.gnome.org/ Summary : A library for access to RESTful web services Description : This library was designed to make it easier to access web services that claim to be "RESTful". A RESTful service should have urls that represent remote objects, which methods can then be called on. The majority of services don't actually adhere to this strict definition. Instead, their RESTful end point usually has an API that is just simpler to use compared to other types of APIs they may support (XML-RPC, for instance). It is this kind of API that this library is attempting to support. -------------------------------------------------------------------------------- Update Information: CVE-2015-2675 rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url -------------------------------------------------------------------------------- ChangeLog: * Wed Mar 18 2015 Kalev Lember - 0.7.93-1 - Update to 0.7.93 - Tighten deps with the _isa macro - Don't manually require pkgconfig; rpmbuild generates this automatically - Use license macro for the COPYING file * Fri Jan 9 2015 Debarshi Ray 0.7.92-6 - Backport upstream patch to fix a memory error (GNOME #742644) * Wed Sep 3 2014 Peter Robinson 0.7.92-5 - Update to 0.7.92 * Sun Aug 17 2014 Fedora Release Engineering - 0.7.91-5 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild * Wed Aug 6 2014 Peter Robinson 0.7.91-4 - Drop old patch that doesn't appear to be needed any more and causes build issues * Tue Jul 22 2014 Kalev Lember - 0.7.91-3 - Rebuilt forgobject-introspection 1.41.4 * Sun Jun 8 2014 Fedora Release Engineering - 0.7.91-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild * Tue Mar 11 2014 Richard Hughes - 0.7.91-1 - Update to 0.7.91 -------------------------------------------------------------------------------- References: [ 1 ] Bug #1112497 - Please update to librest 0.7.91 in f20 https://bugzilla.redhat.com/show_bug.cgi?id=1112497 [ 2 ] Bug #1204682 - rest: memory corruption when using oauth because of implicit declaration of rest_proxy_call_get_url [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1204682 -------------------------------------------------------------------------------- This update can be installed with the "yum" update program. Use su -c 'yum update rest' at the command line. For more information, refer to "Managing Software with yum", available at . All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list
Apr 18, 2015
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!