ELSA-2020-4682

ELSA-2020-4682 - grafana security, bug fix, and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2020-11-10

Description


[6.7.4-3]
- apply patch for CVE-2020-13430 also to sources, not only to compiled webpack

[6.7.4-2]
- security fix for CVE-2020-13430

[6.7.4-1]
- update to 6.7.4 tagged upstream community sources, see CHANGELOG
- security fix for CVE-2020-13379

[6.7.3-1]
- update to 6.7.3 tagged upstream community sources, see CHANGELOG
- add scripts to list Go dependencies and bundled npmjs dependencies
- set Grafana version in Grafana UI and grafana-cli --version
- declare README.md as documentation of datasource plugins
- create grafana.db on first installation (fixes RH BZ #1805472)
- change permissions of /var/lib/grafana to 750 (CVE-2020-12458)
- change permissions of /var/lib/grafana/grafana.db to 640 and user/group grafana:grafana (CVE-2020-12458)
- change permissions of grafana.ini and ldap.toml to 640 (CVE-2020-12459)

[6.6.2-1]
- added patch0 to set the version string correctly
- removed patch 004-xerrors.patch, it's now upstream
- added several patches for golang vendored vrs build dep differences
- added patch to move grafana-cli binary to libexec dir
- update to 6.6.2 tagged upstream community sources, see CHANGELOG


Related CVEs


CVE-2020-12458
CVE-2020-12245
CVE-2019-19499
CVE-2020-13430
CVE-2018-18624
CVE-2020-11110
CVE-2020-12052
CVE-2020-12459

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | grafana-6.7.4-3.el8.src.rpm | b8408356e52f71a7c03f9a240d1255ce4b7429ee90fd753ac1d0d28eb2c70aeb | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-6.7.4-3.el8.aarch64.rpm | 0863d7b7d879c3208260957db59df75479b6b9eb6ff7d2fce1b65288ebbc5c88 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-azure-monitor-6.7.4-3.el8.aarch64.rpm | ab7b21853aa9396446f6acaebc934d5d280f843d03d3bd11ef278b7c3ee8b97c | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-cloudwatch-6.7.4-3.el8.aarch64.rpm | 731f7026df36db3b1dd5921cd33dbe760df7e876eaf1f46d9e7307b20c45b3f5 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-elasticsearch-6.7.4-3.el8.aarch64.rpm | 602fd3b40f10ae49b17a9d01a02472cd256628e238ba2fb9ae79f243e2edd9a7 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-graphite-6.7.4-3.el8.aarch64.rpm | a2ab92b392fbd0e9ebb8764385d8e88424bc326eb20827bede5cfb462197eaa8 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-influxdb-6.7.4-3.el8.aarch64.rpm | f63c1ac20729ab8778723ccf1a0815805708aa5eec1a85816aba1cfb56826eda | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-loki-6.7.4-3.el8.aarch64.rpm | de7c728cb055619f96d926c8432dbb526640555d6b7d5ef125907ac0d745526b | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-mssql-6.7.4-3.el8.aarch64.rpm | 7e9db73054e16147b4c5702761e78b3885a8586a5c5f3dca44367b95d3d23bbc | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-mysql-6.7.4-3.el8.aarch64.rpm | 0ba9e0e6f21a4cb0a872fb8c6b9e4226179b098c64192b3cd501b2e1ee6cd0a1 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-opentsdb-6.7.4-3.el8.aarch64.rpm | 60aa5e11934f357bc9b42c7477cc127ca404f2a12357a673d87e4ca310f126f1 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-postgres-6.7.4-3.el8.aarch64.rpm | 35106584c1c54d248ddc3355a00e6017972cf2c6bf8ff60423e357671b5a61d2 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-prometheus-6.7.4-3.el8.aarch64.rpm | 07a441020cbf8721ca71ddfe324ebf16df01fe01129652fb367e86e8f891b359 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-stackdriver-6.7.4-3.el8.aarch64.rpm | 138a5bd9d408e777120b471760226fed0ba92e3e22af20aece33ec94d89b7d5c | - | ol8_aarch64_appstream |
| Oracle Linux 8 (x86_64) | grafana-6.7.4-3.el8.src.rpm | b8408356e52f71a7c03f9a240d1255ce4b7429ee90fd753ac1d0d28eb2c70aeb | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-6.7.4-3.el8.x86_64.rpm | 09a71bb8f96a2e588955fea8de440718764252304af762b0c15eb25ca4a25a8f | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-azure-monitor-6.7.4-3.el8.x86_64.rpm | 049ddb8c8b737661c0a6b0b0e0d5ccf0cc316fad6e8b0b9238540273fe230891 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-cloudwatch-6.7.4-3.el8.x86_64.rpm | 5fcfc526d3d0a3c41ed1d4f0badea9ebe254f1994bf8015d787cd08525f13370 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-elasticsearch-6.7.4-3.el8.x86_64.rpm | 8fa2bb7b38450ef67f0e2def3d9e13d47c96f940a3fa82d8e33cc3fb1fe22ea9 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-graphite-6.7.4-3.el8.x86_64.rpm | bd04ab9a033897219525546260d26f69d742d39d42f92fd690510eea4f747173 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-influxdb-6.7.4-3.el8.x86_64.rpm | 08bf3d06f7d0f0fefadf9b34ea8a022ac1ef36c9e71c82564aa0617687b35624 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-loki-6.7.4-3.el8.x86_64.rpm | 7b68fe3c963c77279a56c0f6838143f0e0953df82f5a1b82d1d9f32a54bb5632 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-mssql-6.7.4-3.el8.x86_64.rpm | 35330a9f9f2fe42e54b0b65f78df6d1096517f4918b75ebc6957c635de3de179 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-mysql-6.7.4-3.el8.x86_64.rpm | feb8353e0c4c43a04c5f50faea40bbb1f7b05280d504ee5628be05413c409ef0 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-opentsdb-6.7.4-3.el8.x86_64.rpm | f5d04b2331c259771b5036586f72220536a288730f9cb689c4394c4a45f2ffba | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-postgres-6.7.4-3.el8.x86_64.rpm | 32dcc2c537fb9aff2d3040951043f40f266303775e73f08a9cdd40dfbc5e33a8 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-prometheus-6.7.4-3.el8.x86_64.rpm | eb0709a8b35688845fd2b11e3da9fc8dfdf2b3d3c9537b671619c4405612134b | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-stackdriver-6.7.4-3.el8.x86_64.rpm | 08ad9256cf8a0bfade677f73f4a7a81620332c612f021489d87bcfb065b7f126 | - | ol8_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
