Oval Definition:oval:org.opensuse.security:def:80649
Revision Date:2018-08-28
Version:1
Title:Security update for grafana, kafka, logstash and monasca-installer (Moderate)
Description:

This update for grafana, kafka, logstash and monasca-installer fixes the following issues:

The following security issues have been fixed:

grafana:

- CVE-2018-12099: Fix Cross-Site-Scripting (XSS) vulnerabilities in dashboard links. (bsc#1096985)

kafka:

- CVE-2018-1288: Authenticated Kafka users may perform actions reserved for the Broker via a manually created fetch request interfering with data replication, resulting in data loss. (bsc#1102920)

logstash:

- CVE-2018-3817: Fix potential leak of sensitive data when logging warnings about deprecated options. (bsc#1090849)

Additionally, the following non-security issues have been fixed:

monasca-installer:

- Add complete set of elasticsearch performance tunables.
- Update to version Build_20180427_14.04 (bsc#1090192, bsc#1090343)
- Fix bad elasticsearch-curator configuration. (bsc#1090192)
- Enable bootstrap.memory_lock for Elasticsearch. (bsc#1090343)

logstash:

- Declare Gemfile as config to prevent loss of installed plugins when updating.
- Stop installing prebuilt jruby for non-x86.

kafka:

- Update to version 0.10.2.2 (bsc#1102920, CVE-2018-1288)
- Add noreplace directive for /etc/kafka/server.properties.
- Reduce package ownership of tmpfiles.d to bare minimum. (SLE12 SP2)
- Set log rotation options. (bsc#1094448)
- Disable jmxremote debugging. (bsc#1095603)
- Increase open file limits. (bsc#1086909)
Family:unix
Class:patch
Status:
Reference(s):1086909
1090192
1090343
1090849
1094448
1095603
1096985
1102920
CVE-2018-12099
CVE-2018-1288
CVE-2018-3817
SUSE-SU-2018:2536-1
Platform(s):SUSE OpenStack Cloud 7
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • grafana-4.5.1-1.8.1 is installed
  • OR kafka-0.10.2.2-5.1 is installed
  • OR logstash-2.4.1-5.1 is installed
  • OR monasca-installer-20180608_12.47-9.1 is installed