Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2020-1659

Опубликовано: 05 мая 2020
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2020-1659: grafana security, bug fix, and enhancement update (MODERATE)

[6.3.6-1]

  • add weak depenency on grafana-pcp
  • add patch to mute shellcheck SC1090 for grafana-cli
  • update to 6.3.6 upstream community sources, see CHANGELOG

[6.3.5-1]

  • drop uaparser patch now its upstream
  • add xerrors patch, see https://github.com/golang/go/issues/32246
  • use vendor sources on rawhide until modules are fully supported
  • update to latest upstream community sources, see CHANGELOG

[6.3.4-1]

  • include fix for CVE-2019-15043
  • add patch for uaparser on 32bit systems
  • update to latest upstream community sources, see CHANGELOG

[6.2.5-1]

  • update to latest upstream community sources, see CHANGELOG

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

grafana

6.3.6-1.el8

grafana-azure-monitor

6.3.6-1.el8

grafana-cloudwatch

6.3.6-1.el8

grafana-elasticsearch

6.3.6-1.el8

grafana-graphite

6.3.6-1.el8

grafana-influxdb

6.3.6-1.el8

grafana-loki

6.3.6-1.el8

grafana-mssql

6.3.6-1.el8

grafana-mysql

6.3.6-1.el8

grafana-opentsdb

6.3.6-1.el8

grafana-postgres

6.3.6-1.el8

grafana-prometheus

6.3.6-1.el8

grafana-stackdriver

6.3.6-1.el8

Oracle Linux x86_64

grafana

6.3.6-1.el8

grafana-azure-monitor

6.3.6-1.el8

grafana-cloudwatch

6.3.6-1.el8

grafana-elasticsearch

6.3.6-1.el8

grafana-graphite

6.3.6-1.el8

grafana-influxdb

6.3.6-1.el8

grafana-loki

6.3.6-1.el8

grafana-mssql

6.3.6-1.el8

grafana-mysql

6.3.6-1.el8

grafana-opentsdb

6.3.6-1.el8

grafana-postgres

6.3.6-1.el8

grafana-prometheus

6.3.6-1.el8

grafana-stackdriver

6.3.6-1.el8

Связанные CVE

CVE-2019-15043

Ссылки на источники

Связанные уязвимости

ubuntu логотип

CVE-2019-15043

CVSS3: 7.5
ubuntu
почти 6 лет назад

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

redhat логотип

CVE-2019-15043

CVSS3: 4.3
redhat
почти 6 лет назад

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

nvd логотип

CVE-2019-15043

CVSS3: 7.5
nvd
почти 6 лет назад

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.

debian логотип

CVE-2019-15043

CVSS3: 7.5
debian
почти 6 лет назад

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow u ...

github логотип

GHSA-c6x5-653c-4grh

CVSS3: 7.5
github
около 3 лет назад

In Grafana 2.x through 6.x before 6.3.4, parts of the HTTP API allow unauthenticated use. This makes it possible to run a denial of service attack against the server running Grafana.