Bugzilla – Bug 1115960
VUL-0: CVE-2018-19039: grafana: users with Editor or Admin permissions can exfiltrate files
Last modified: 2022-09-15 15:59:47 UTC
rh#1649697 A security issue was found that could allow any users with Editor or Admin permissions in Grafana to read any file that the Grafana process can read from the filesystem. Note, that in order to exploit this you would need to be logged in to the system as a legitimate user with Editor or Admin permissions. External References: https://community.grafana.com/t/grafana-5-3-3-and-4-6-5-security-update/11961 References: https://bugzilla.redhat.com/show_bug.cgi?id=1649697 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-19039 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19039
Can someone look into this for Cloud7, Cloud8 and SES5 ?
This is an autogenerated message for OBS integration: This bug (1115960) was mentioned in https://build.opensuse.org/request/show/714594 Factory / grafana
SUSE-OU-2019:2022-1: An update that solves one vulnerability and has two fixes is now available. Category: optional (low) Bug References: 1044444,1044933,1115960 CVE References: CVE-2018-19039 Sources used: SUSE Manager Tools 12 (src): grafana-6.2.1-1.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-OU-2019:2023-1: An update that solves one vulnerability and has two fixes is now available. Category: optional (low) Bug References: 1044444,1044933,1115960 CVE References: CVE-2018-19039 Sources used: SUSE Manager Tools 15 (src): grafana-6.2.1-1.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2046-1: An update that solves three vulnerabilities and has 14 fixes is now available. Category: security (moderate) Bug References: 1115960,1120657,1121530,1122053,1122825,1124170,1128453,1131712,1131791,1131899,1132542,1132654,1132832,1132852,1132853,1132860,1134336 CVE References: CVE-2018-19039,CVE-2019-10876,CVE-2019-11068 Sources used: SUSE OpenStack Cloud Crowbar 9 (src): caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-3.3.5, crowbar-6.0+git.1561125496.b7508480-3.6.5, crowbar-core-6.0+git.1562154525.5e2983308-3.3.8, crowbar-ha-6.0+git.1560951093.4af1ee5-3.3.7, crowbar-openstack-6.0+git.1562153583.4735fcf34-3.3.7, documentation-suse-openstack-cloud-crowbar-deployment-9.20190621-3.3.7, documentation-suse-openstack-cloud-crowbar-operations-9.20190621-3.3.7, documentation-suse-openstack-cloud-supplement-9.20190621-3.3.7, galera-python-clustercheck-0.0+git.1562242499.36b8b64-6.3.5, grafana-5.3.3-3.3.1, openstack-ceilometer-11.0.2~dev13-3.3.9, openstack-cinder-13.0.6~dev12-3.3.8, openstack-dashboard-14.0.4~dev4-3.3.8, openstack-designate-7.0.1~dev20-3.3.8, openstack-heat-11.0.3~dev5-3.3.8, openstack-horizon-plugin-designate-ui-7.0.1~dev7-3.3.8, openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.3.7, openstack-horizon-plugin-magnum-ui-5.0.2~dev9-3.3.8, openstack-horizon-plugin-monasca-ui-1.14.1~dev7-3.3.9, openstack-ironic-11.1.4~dev2-3.3.9, openstack-ironic-python-agent-3.3.2~dev13-3.3.6, openstack-keystone-14.1.1~dev7-3.3.9, openstack-magnum-7.1.1~dev24-3.3.8, openstack-manila-7.3.1~dev2-4.3.8, openstack-monasca-agent-2.8.1~dev10-3.3.6, openstack-monasca-notification-1.14.1~dev8-6.3.6, openstack-neutron-13.0.4~dev89-3.3.7, openstack-neutron-fwaas-13.0.2~dev14-3.3.7, openstack-neutron-gbp-5.0.1~dev443-3.3.6, openstack-neutron-lbaas-13.0.1~dev12-3.3.7, openstack-neutron-vpnaas-13.0.2~dev4-3.3.7, openstack-nova-18.2.2~dev9-3.3.8, openstack-octavia-3.1.2~dev2-3.3.6, python-barbican-tempest-plugin-0.1.0-4.3.1, python-cinderclient-4.0.2-3.3.7, python-ironicclient-2.5.2-4.3.7, python-manila-tempest-plugin-0.1.0-3.3.5, python-manilaclient-1.24.2-3.3.7, python-os-brick-2.5.7-3.3.7, python-oslo.db-4.40.2-3.3.8, python-proliantutils-2.8.4-1.1, supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-1.1 SUSE OpenStack Cloud 9 (src): ardana-ansible-9.0+git.1560211997.7ac9792-3.3.5, ardana-barbican-9.0+git.1559292830.208d258-3.3.5, ardana-cassandra-9.0+git.1557220194.6a90deb-3.3.3, ardana-ceilometer-9.0+git.1557219517.7b97993-3.3.5, ardana-cinder-9.0+git.1559039284.6fc1d47-3.3.5, ardana-cluster-9.0+git.1557219586.7c96a6d-3.3.5, ardana-cobbler-9.0+git.1557219626.b190680-3.3.5, ardana-db-9.0+git.1560868957.42bcb70-3.3.5, ardana-designate-9.0+git.1558588538.9211022-3.3.5, ardana-glance-9.0+git.1559033522.5e5be1c-3.3.5, ardana-heat-9.0+git.1559036788.b727b53-3.3.5, ardana-horizon-9.0+git.1557219807.6036a8e-3.3.5, ardana-input-model-9.0+git.1557220534.883f8c9-3.3.5, ardana-installer-ui-9.0+git.1559171053.476225c-3.3.6, ardana-ironic-9.0+git.1560365077.17250c6-3.3.5, ardana-keystone-9.0+git.1559292289.b5ed172-3.3.5, ardana-logging-9.0+git.1557219914.6d7ebb5-3.3.5, ardana-magnum-9.0+git.1557219960.226e32b-3.3.5, ardana-manila-9.0+git.1556646861.58ce24f-3.3.5, ardana-memcached-9.0+git.1557219995.cd49525-3.3.5, ardana-monasca-9.0+git.1556731170.c8210e0-3.3.5, ardana-monasca-transform-9.0+git.1557220073.7e88cfa-3.3.5, ardana-mq-9.0+git.1560214193.fc0378b-3.3.5, ardana-neutron-9.0+git.1560464557.d2f6200-3.3.5, ardana-nova-9.0+git.1559869848.7a706df-3.3.5, ardana-octavia-9.0+git.1560519270.e0a2620-3.3.5, ardana-opsconsole-9.0+git.1553642196.ba23382-3.3.5, ardana-opsconsole-ui-9.0+git.1555530925.206f1a8-4.3.7, ardana-osconfig-9.0+git.1560269313.7ddaff2-3.3.5, ardana-service-9.0+git.1560974342.47a5b12-3.3.5, ardana-service-ansible-9.0+git.1557220501.ebd3011-3.3.5, ardana-ses-9.0+git.1554740095.48252d3-3.3.5, ardana-spark-9.0+git.1557220247.e78d1c3-3.3.5, ardana-swift-9.0+git.1559038506.cc119d9-3.3.5, ardana-tempest-9.0+git.1560949748.f0bd816-3.3.5, ardana-tls-9.0+git.1557220381.5641a2e-3.3.5, caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-3.3.5, documentation-suse-openstack-cloud-deployment-9.20190621-3.3.7, documentation-suse-openstack-cloud-operations-9.20190621-3.3.7, documentation-suse-openstack-cloud-security-9.20190621-3.3.7, documentation-suse-openstack-cloud-supplement-9.20190621-3.3.7, galera-python-clustercheck-0.0+git.1562242499.36b8b64-6.3.5, grafana-5.3.3-3.3.1, openstack-ceilometer-11.0.2~dev13-3.3.9, openstack-cinder-13.0.6~dev12-3.3.8, openstack-dashboard-14.0.4~dev4-3.3.8, openstack-designate-7.0.1~dev20-3.3.8, openstack-heat-11.0.3~dev5-3.3.8, openstack-horizon-plugin-designate-ui-7.0.1~dev7-3.3.8, openstack-horizon-plugin-heat-ui-1.4.1~dev4-4.3.7, openstack-horizon-plugin-magnum-ui-5.0.2~dev9-3.3.8, openstack-horizon-plugin-monasca-ui-1.14.1~dev7-3.3.9, openstack-ironic-11.1.4~dev2-3.3.9, openstack-ironic-python-agent-3.3.2~dev13-3.3.6, openstack-keystone-14.1.1~dev7-3.3.9, openstack-magnum-7.1.1~dev24-3.3.8, openstack-manila-7.3.1~dev2-4.3.8, openstack-monasca-agent-2.8.1~dev10-3.3.6, openstack-monasca-notification-1.14.1~dev8-6.3.6, openstack-neutron-13.0.4~dev89-3.3.7, openstack-neutron-fwaas-13.0.2~dev14-3.3.7, openstack-neutron-gbp-5.0.1~dev443-3.3.6, openstack-neutron-lbaas-13.0.1~dev12-3.3.7, openstack-neutron-vpnaas-13.0.2~dev4-3.3.7, openstack-nova-18.2.2~dev9-3.3.8, openstack-octavia-3.1.2~dev2-3.3.6, python-ardana-configurationprocessor-9.0+git.1558039547.f0d0ddf-3.4.1, python-barbican-tempest-plugin-0.1.0-4.3.1, python-cinderclient-4.0.2-3.3.7, python-cinderlm-0.0.2+git.1541454501.6148725-3.3.5, python-ironicclient-2.5.2-4.3.7, python-manila-tempest-plugin-0.1.0-3.3.5, python-manilaclient-1.24.2-3.3.7, python-os-brick-2.5.7-3.3.7, python-oslo.db-4.40.2-3.3.8, python-proliantutils-2.8.4-1.1, supportutils-plugin-suse-openstack-cloud-9.0.1562324636.e7046a3-1.1, venv-openstack-barbican-7.0.1~dev18-3.2.1, venv-openstack-cinder-13.0.6~dev12-3.2.1, venv-openstack-designate-7.0.1~dev20-3.3.1, venv-openstack-glance-17.0.1~dev16-3.3.1, venv-openstack-heat-11.0.3~dev5-3.3.1, venv-openstack-horizon-14.0.4~dev4-4.3.2, venv-openstack-ironic-11.1.4~dev2-4.3.2, venv-openstack-keystone-14.1.1~dev7-3.3.1, venv-openstack-magnum-7.1.1~dev24-4.3.2, venv-openstack-manila-7.3.1~dev2-3.3.1, venv-openstack-monasca-2.7.1~dev10-3.3.1, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.3.1, venv-openstack-neutron-13.0.4~dev89-6.3.1, venv-openstack-nova-18.2.2~dev9-3.3.1, venv-openstack-octavia-3.1.2~dev2-4.3.1, venv-openstack-sahara-9.0.2~dev9-3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
@Robert Can you agree that this has been addressed and can be closed? https://build.suse.de/package/show/Devel:Cloud:9/grafana shows SOC 9 was updated to 5.3.3 https://build.suse.de/package/show/Devel:Cloud:8/grafana is 4.6.5 as is https://build.suse.de/package/show/Devel:Cloud:7/grafana
SUSE-SU-2019:2671-1: An update that solves 6 vulnerabilities and has 17 fixes is now available. Category: security (moderate) Bug References: 1019074,1052286,1106515,1108033,1115960,1118159,1118900,1120657,1127558,1128954,1128987,1131053,1131961,1132860,1133719,1133722,1136784,1143475,1145796,1145867,1148383,1150895,1152916 CVE References: CVE-2016-10127,CVE-2018-15727,CVE-2018-19039,CVE-2018-558213,CVE-2019-15043,CVE-2019-5477 Sources used: SUSE OpenStack Cloud 7 (src): crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1, crowbar-openstack-4.0+git.1569429513.e7016b2b6-9.59.1, grafana-4.6.5-1.11.2, novnc-1.0.0-12.1, openstack-keystone-10.0.3~dev9-7.18.2, openstack-keystone-doc-10.0.3~dev9-7.18.2, openstack-neutron-9.4.2~dev21-7.32.1, openstack-neutron-doc-9.4.2~dev21-7.32.1, openstack-neutron-lbaas-9.2.2~dev11-4.18.3, openstack-neutron-lbaas-doc-9.2.2~dev11-4.18.3, openstack-nova-14.0.11~dev13-4.34.3, openstack-nova-doc-14.0.11~dev13-4.34.2, openstack-tempest-12.2.1~a0~dev177-4.6.3, python-pysaml2-4.0.2-3.11.3, python-urllib3-1.16-3.9.2, rubygem-chef-10.32.2-5.12.1, rubygem-easy_diff-1.0.0-3.3.1, sleshammer-0.7.0-0.18.12.3 SUSE Enterprise Storage 4 (src): crowbar-core-4.0+git.1570463621.40b11cd48-9.54.1, rubygem-chef-10.32.2-5.12.1, rubygem-easy_diff-1.0.0-3.3.1, sleshammer-0.7.0-0.18.12.3 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2019:2867-1: An update that solves 11 vulnerabilities and has 10 fixes is now available. Category: security (moderate) Bug References: 1019074,1096985,1106515,1115960,1116846,1118900,1120657,1125893,1126088,1132593,1132666,1136035,1141121,1141676,1143215,1145796,1146578,1148158,1148383,1150895,917802 CVE References: CVE-2015-3448,CVE-2016-10127,CVE-2018-15727,CVE-2018-19039,CVE-2018-558213,CVE-2019-13611,CVE-2019-15043,CVE-2019-2614,CVE-2019-2627,CVE-2019-2628,CVE-2019-5477 Sources used: SUSE OpenStack Cloud Crowbar 8 (src): crowbar-core-5.0+git.1569597589.1f025c557-3.32.2, crowbar-ha-5.0+git.1567673535.607aada-3.26.2, crowbar-openstack-5.0+git.1570141351.058c8bd44-4.31.2, crowbar-ui-1.2.0+git.1568396400.0344a727-3.12.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-ovs-2.7.2-3.6.1, python-pysaml2-4.0.2-5.3.3, python-urllib3-1.22-5.9.3, release-notes-suse-openstack-cloud-8.20190911-3.20.3, rubygem-easy_diff-1.0.0-3.4.2 SUSE OpenStack Cloud 8 (src): ardana-ansible-8.0+git.1566374355.c509923-3.67.3, ardana-glance-8.0+git.1566376789.be0fe01-3.17.3, ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3, ardana-input-model-8.0+git.1566517401.98450e6-3.33.3, ardana-manila-8.0+git.1568835837.2452e7a-1.21.3, ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3, ardana-nova-8.0+git.1566902754.c58ff69-3.35.3, ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3, ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-ovs-2.7.2-3.6.1, python-pysaml2-4.0.2-5.3.3, python-python-engineio-2.0.2-3.3.3, python-urllib3-1.22-5.9.3, release-notes-suse-openstack-cloud-8.20190911-3.20.3, venv-openstack-aodh-5.1.1~dev7-12.20.2, venv-openstack-barbican-5.0.2~dev3-12.21.2, venv-openstack-ceilometer-9.0.8~dev7-12.18.2, venv-openstack-cinder-11.2.3~dev16-14.21.2, venv-openstack-designate-5.0.3~dev7-12.19.2, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.16.2, venv-openstack-glance-15.0.3~dev3-12.19.2, venv-openstack-heat-9.0.8~dev13-12.21.2, venv-openstack-horizon-12.0.4~dev6-14.26.2, venv-openstack-ironic-9.1.8~dev7-12.21.2, venv-openstack-keystone-12.0.4~dev4-11.22.3, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.20.2, venv-openstack-manila-5.1.1~dev2-12.23.2, venv-openstack-monasca-2.2.2~dev1-11.18.2, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.16.2, venv-openstack-murano-4.0.2~dev2-12.16.2, venv-openstack-neutron-11.0.9~dev51-13.24.3, venv-openstack-nova-16.1.9~dev7-11.22.3, venv-openstack-octavia-1.0.6~dev2-12.21.2, venv-openstack-sahara-7.0.4~dev1-11.20.2, venv-openstack-swift-2.15.2-11.13.3, venv-openstack-trove-8.0.1~dev13-11.20.2 HPE Helion Openstack 8 (src): ardana-ansible-8.0+git.1566374355.c509923-3.67.3, ardana-glance-8.0+git.1566376789.be0fe01-3.17.3, ardana-horizon-8.0+git.1565816064.5d4f73f-3.18.3, ardana-input-model-8.0+git.1566517401.98450e6-3.33.3, ardana-manila-8.0+git.1568835837.2452e7a-1.21.3, ardana-neutron-8.0+git.1568220097.74ee4b4-3.33.3, ardana-nova-8.0+git.1566902754.c58ff69-3.35.3, ardana-octavia-8.0+git.1568373448.bcaee7e-3.20.3, ardana-tempest-8.0+git.1566471887.fd2fec7-3.27.3, galera-3-25.3.25-4.6.3, grafana-4.6.5-4.6.3, mariadb-10.2.25-4.14.2, mariadb-connector-c-3.1.2-3.12.3, novnc-1.0.0-3.6.3, openstack-cinder-11.2.3~dev16-3.21.4, openstack-cinder-doc-11.2.3~dev16-3.21.3, openstack-glance-15.0.3~dev3-3.12.4, openstack-glance-doc-15.0.3~dev3-3.12.3, openstack-heat-9.0.8~dev13-3.24.4, openstack-heat-doc-9.0.8~dev13-3.24.3, openstack-horizon-plugin-neutron-vpnaas-ui-1.0.1~dev3-3.6.4, openstack-keystone-12.0.4~dev4-5.27.4, openstack-keystone-doc-12.0.4~dev4-5.27.3, openstack-monasca-installer-20190923_16.32-3.9.3, openstack-neutron-11.0.9~dev51-3.24.5, openstack-neutron-doc-11.0.9~dev51-3.24.4, openstack-neutron-gbp-7.3.1~dev56-3.9.4, openstack-neutron-lbaas-11.0.4~dev6-3.15.4, openstack-neutron-lbaas-doc-11.0.4~dev6-3.15.4, openstack-nova-16.1.9~dev7-3.29.3, openstack-nova-doc-16.1.9~dev7-3.29.3, python-amqp-2.2.2-3.6.3, python-pysaml2-4.0.2-5.3.3, python-python-engineio-2.0.2-3.3.3, python-urllib3-1.22-5.9.3, release-notes-hpe-helion-openstack-8.20190911-3.20.3, venv-openstack-aodh-5.1.1~dev7-12.20.2, venv-openstack-barbican-5.0.2~dev3-12.21.2, venv-openstack-ceilometer-9.0.8~dev7-12.18.2, venv-openstack-cinder-11.2.3~dev16-14.21.2, venv-openstack-designate-5.0.3~dev7-12.19.2, venv-openstack-freezer-5.0.0.0~xrc2~dev2-10.16.2, venv-openstack-glance-15.0.3~dev3-12.19.2, venv-openstack-heat-9.0.8~dev13-12.21.2, venv-openstack-horizon-hpe-12.0.4~dev6-14.26.2, venv-openstack-ironic-9.1.8~dev7-12.21.2, venv-openstack-keystone-12.0.4~dev4-11.22.3, venv-openstack-magnum-5.0.2_5.0.2_5.0.2~dev31-11.20.2, venv-openstack-manila-5.1.1~dev2-12.23.2, venv-openstack-monasca-2.2.2~dev1-11.18.2, venv-openstack-monasca-ceilometer-1.5.1_1.5.1_1.5.1~dev3-8.16.2, venv-openstack-murano-4.0.2~dev2-12.16.2, venv-openstack-neutron-11.0.9~dev51-13.24.3, venv-openstack-nova-16.1.9~dev7-11.22.3, venv-openstack-octavia-1.0.6~dev2-12.21.2, venv-openstack-sahara-7.0.4~dev1-11.20.2, venv-openstack-swift-2.15.2-11.13.3, venv-openstack-trove-8.0.1~dev13-11.20.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
ses5 is eol , rest is released
ses5 is NOT EOL. sorry for this. as far as I see however Grafana is not thart relevant for SES5, so we can skip it
SUSE-SU-2020:1273-1: An update that fixes 6 vulnerabilities is now available. Category: security (moderate) Bug References: 1096985,1106515,1115960,1139862,1148383,1167424 CVE References: CVE-2018-12099,CVE-2018-15727,CVE-2018-19039,CVE-2018-558213,CVE-2019-13068,CVE-2019-15043 Sources used: SUSE Enterprise Storage 5 (src): grafana-4.6.5-3.10.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
This is an autogenerated message for OBS integration: This bug (1115960) was mentioned in https://build.opensuse.org/request/show/838812 Backports:SLE-15 / grafana https://build.opensuse.org/request/show/838813 Backports:SLE-15-SP1 / grafana
openSUSE-SU-2020:1611-1: An update that fixes four vulnerabilities is now available. Category: security (moderate) Bug References: 1044444,1044933,1115960,1170557 CVE References: CVE-2018-19039,CVE-2019-15043,CVE-2020-12245,CVE-2020-13379 JIRA References: Sources used: openSUSE Backports SLE-15-SP1 (src): grafana-7.1.5-bp151.2.1
SUSE-SU-2021:1962-1: An update that fixes 23 vulnerabilities, contains two features is now available. Category: security (moderate) Bug References: 1044849,1048688,1115960,1148383,1170657,1171909,1172409,1172450,1174583,1178243,1179805,1181277,1181278,1181689,1181690,1182317,1182433,1183174,1183803,1184148,1185623,1186608,1186611 CVE References: CVE-2017-11481,CVE-2017-11499,CVE-2018-18623,CVE-2018-18624,CVE-2018-18625,CVE-2018-19039,CVE-2019-15043,CVE-2019-25025,CVE-2020-10743,CVE-2020-11110,CVE-2020-12052,CVE-2020-13379,CVE-2020-17516,CVE-2020-24303,CVE-2020-29651,CVE-2021-21238,CVE-2021-21239,CVE-2021-23336,CVE-2021-27358,CVE-2021-28658,CVE-2021-31542,CVE-2021-33203,CVE-2021-33571 JIRA References: SOC-10357,SOC-11453 Sources used: SUSE OpenStack Cloud Crowbar 9 (src): cassandra-3.11.10-3.3.3, crowbar-openstack-6.0+git.1616146717.a89ae0f4e-3.34.4, grafana-6.7.4-3.23.2, kibana-4.6.6-4.9.2, openstack-dashboard-14.1.1~dev11-3.24.6, openstack-ironic-11.1.5~dev17-3.25.5, openstack-neutron-13.0.8~dev164-3.37.4, openstack-neutron-gbp-12.0.1~dev29-3.25.3, openstack-nova-18.3.1~dev82-3.37.6, python-Django1-1.11.29-3.25.1, python-elementpath-1.3.1-1.3.2, python-py-1.5.4-3.3.2, python-pysaml2-4.5.0-4.6.2, python-xmlschema-1.0.18-1.3.2, rubygem-activerecord-session_store-0.1.2-4.3.2 SUSE OpenStack Cloud 9 (src): ardana-neutron-9.0+git.1615223676.777f0b3-3.25.2, ardana-swift-9.0+git.1618235096.90974ed-3.10.2, cassandra-3.11.10-3.3.3, grafana-6.7.4-3.23.2, kibana-4.6.6-4.9.2, openstack-dashboard-14.1.1~dev11-3.24.6, openstack-ironic-11.1.5~dev17-3.25.5, openstack-neutron-13.0.8~dev164-3.37.4, openstack-neutron-gbp-12.0.1~dev29-3.25.3, openstack-nova-18.3.1~dev82-3.37.6, python-Django1-1.11.29-3.25.1, python-elementpath-1.3.1-1.3.2, python-py-1.5.4-3.3.2, python-pysaml2-4.5.0-4.6.2, python-xmlschema-1.0.18-1.3.2, venv-openstack-barbican-7.0.1~dev24-3.23.1, venv-openstack-cinder-13.0.10~dev20-3.26.1, venv-openstack-designate-7.0.2~dev2-3.23.1, venv-openstack-glance-17.0.1~dev30-3.21.1, venv-openstack-heat-11.0.4~dev4-3.23.1, venv-openstack-horizon-14.1.1~dev11-4.27.3, venv-openstack-ironic-11.1.5~dev17-4.21.2, venv-openstack-keystone-14.2.1~dev4-3.24.3, venv-openstack-magnum-7.2.1~dev1-4.23.1, venv-openstack-manila-7.4.2~dev60-3.29.1, venv-openstack-monasca-2.7.1~dev10-3.21.1, venv-openstack-monasca-ceilometer-1.8.2~dev3-3.23.2, venv-openstack-neutron-13.0.8~dev164-6.27.3, venv-openstack-nova-18.3.1~dev82-3.27.3, venv-openstack-octavia-3.2.3~dev7-4.23.1, venv-openstack-sahara-9.0.2~dev15-3.23.1, venv-openstack-swift-2.19.2~dev48-2.18.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.