[ALSA-2020:4682] Moderate: grafana security, bug fix, and enhancement update
Type: security
Severity: moderate
Release date: 2021-11-12
Description:
Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

The following packages have been upgraded to a later upstream version: grafana (6.7.4). (BZ#1807323)

Security Fix(es):

* grafana: XSS vulnerability via a column style on the "Dashboard > Table Panel" screen (CVE-2018-18624)
* grafana: arbitrary file read via MySQL data source (CVE-2019-19499)
* grafana: stored XSS (CVE-2020-11110)
* grafana: XSS annotation popup vulnerability (CVE-2020-12052)
* grafana: XSS via column.title or cellLinkTooltip (CVE-2020-12245)
* grafana: information disclosure through world-readable /var/lib/grafana/grafana.db (CVE-2020-12458)
* grafana: information disclosure through world-readable grafana configuration files (CVE-2020-12459)
* grafana: XSS via the OpenTSDB datasource (CVE-2020-13430)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
x86_64 grafana-prometheus-6.7.4-3.el8.x86_64.rpm 0c02c31ec3b25adbfbdcf07381492ee5ab1e8785e6c720f68d7c1b6a66aad45e
x86_64 grafana-elasticsearch-6.7.4-3.el8.x86_64.rpm 28142b8263b12377d54fc721c40627e2377813e7187307a3cd41bc8da81c502c
x86_64 grafana-stackdriver-6.7.4-3.el8.x86_64.rpm 3f058e69f074dcaf3708f589df9042d45dd63c36f7f873f0d21dbdb11f1b375a
x86_64 grafana-influxdb-6.7.4-3.el8.x86_64.rpm 4c451ecb0110fbbeff246a7677486c9f0af9979cbc368fc90b7f664717e65499
x86_64 grafana-mysql-6.7.4-3.el8.x86_64.rpm 5aa292e8638322196e0a181d76cb15826ddbc080924d25fd5dcfcbd3e8f56d58
x86_64 grafana-azure-monitor-6.7.4-3.el8.x86_64.rpm 6510ab1fad0167e0e7a2d6b0f20c6703f32482a344bae12d4fc6db034b9cc3f8
x86_64 grafana-cloudwatch-6.7.4-3.el8.x86_64.rpm 90f52b9d5a79cca87945c7d874f7c41df3cf87d2975a38a42bb6155728748c24
x86_64 grafana-opentsdb-6.7.4-3.el8.x86_64.rpm 91a4ee720fa0ae4f18b0476cf0bc8ffdf7cbba9c43c95de9a86c499097d33d23
x86_64 grafana-mssql-6.7.4-3.el8.x86_64.rpm 9907b385319886f9825aac007804930af8589dfdbb0b57cb4a14a3e4c731090a
x86_64 grafana-loki-6.7.4-3.el8.x86_64.rpm d5f1d49c82be86fe4f992c6e69b894479de5dd2c50a163ac72e5456fa948991f
x86_64 grafana-6.7.4-3.el8.x86_64.rpm e04f3102b5c67711ac1dd0afb6ebbdb0d7b115df9bd03c409cc40bd030241cd3
x86_64 grafana-postgres-6.7.4-3.el8.x86_64.rpm e9a5ea828cd31cda6f7bdd424581693afddf4c4f849857d88c48a9636fef8879
x86_64 grafana-graphite-6.7.4-3.el8.x86_64.rpm fa0591ddca9cbb7a4e2be92e19f102d84665f8206dde32da1827e884fa0b27cc
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.