SUSE-SU-2018:2536-1
Vulnerability Summary
Description
Security update for grafana, kafka, logstash and monasca-installer

This update for grafana, kafka, logstash and monasca-installer fixes the following issues:

The following security issues have been fixed:

grafana:
- CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in dashboard links. (bsc#1096985)

kafka:
- CVE-2018-1288: Authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. (bsc#1102920)

logstash:
- CVE-2018-3817: Fix potential leak of sensitive data when logging warnings about deprecated options. (bsc#1090849)

Additionally, the following non-security issues have been fixed:

monasca-installer:
- Add complete set of elasticsearch performance tunables.
- Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343)
- Fix bad elasticsearch-curator configuration. (bsc#1090192)
- Enable bootstrap.memory_lock for Elasticsearch. (bsc#1090343)

logstash:
- Declare Gemfile as config to prevent loss of installed plugins when updating.
- Stop installing prebuilt jruby for non-x86.

kafka:
- Update to version 0.10.2.2 (bsc#1102920, CVE-2018-1288)
- Add noreplace directive for /etc/kafka/server.properties.
- Reduce package ownership of tmpfiles.d to bare minimum. (SLE12 SP2)
- Set log rotation options. (bsc#1094448)
- Disable jmxremote debugging. (bsc#1095603)
- Increase open file limits. (bsc#1086909)
Affected Systems
- suse grafana (SUSE OpenStack Cloud 7): < 4.5.1-1.8.1
- suse kafka (SUSE OpenStack Cloud 7): < 0.10.2.2-5.1
- suse logstash (SUSE OpenStack Cloud 7): < 2.4.1-5.1
- suse monasca-installer (SUSE OpenStack Cloud 7): < 20180608_12.47-9.1
References (12)
- https://www.suse.com/support/update/announcement/2018/suse-su-20182536-1/
- https://bugzilla.suse.com/1086909
- https://bugzilla.suse.com/1090192
- https://bugzilla.suse.com/1090343
- https://bugzilla.suse.com/1090849
- https://bugzilla.suse.com/1094448
- https://bugzilla.suse.com/1095603
- https://bugzilla.suse.com/1096985
- https://bugzilla.suse.com/1102920
- https://www.suse.com/security/cve/CVE-2018-12099
- https://www.suse.com/security/cve/CVE-2018-1288
- https://www.suse.com/security/cve/CVE-2018-3817