ELSA-2020-4682 - grafana security, bug fix, and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2020-11-10

Description


[6.7.4-3]
- apply patch for CVE-2020-13430 also to sources, not only to compiled webpack

[6.7.4-2]
- security fix for CVE-2020-13430

[6.7.4-1]
- update to 6.7.4 tagged upstream community sources, see CHANGELOG
- security fix for CVE-2020-13379

[6.7.3-1]
- update to 6.7.3 tagged upstream community sources, see CHANGELOG
- add scripts to list Go dependencies and bundled npmjs dependencies
- set Grafana version in Grafana UI and grafana-cli --version
- declare README.md as documentation of datasource plugins
- create grafana.db on first installation (fixes RH BZ #1805472)
- change permissions of /var/lib/grafana to 750 (CVE-2020-12458)
- change permissions of /var/lib/grafana/grafana.db to 640 and
user/group grafana:grafana (CVE-2020-12458)
- change permissions of grafana.ini and ldap.toml to 640 (CVE-2020-12459)

[6.6.2-1]
- added patch0 to set the version string correctly
- removed patch 004-xerrors.patch, it's now upstream
- added several patches for golang vendored vrs build dep differences
- added patch to move grafana-cli binary to libexec dir
- update to 6.6.2 tagged upstream community sources, see CHANGELOG


Related CVEs


CVE-2019-19499
CVE-2020-12052
CVE-2020-12245
CVE-2020-12458
CVE-2020-12459
CVE-2018-18624
CVE-2020-11110
CVE-2020-13430

Updated Packages


| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|---|---|---|---|
| Oracle Linux 8 (aarch64) | grafana-6.7.4-3.el8.src.rpm | cfbb542c192328636d86768d3d75034a | - |
| | grafana-6.7.4-3.el8.aarch64.rpm | eb5bfee9c74964571f0f7d51cd43f1b3 | - |
| | grafana-azure-monitor-6.7.4-3.el8.aarch64.rpm | 7b5737503ce04e1058d2da6c9aae7e95 | - |
| | grafana-cloudwatch-6.7.4-3.el8.aarch64.rpm | a5fc6cb4b7da5978fa300ddcedc4dc95 | - |
| | grafana-elasticsearch-6.7.4-3.el8.aarch64.rpm | 4d5f8cd4f32bf10448b943047fc4dc30 | - |
| | grafana-graphite-6.7.4-3.el8.aarch64.rpm | aea3d5a09bd034e69ef479efcfaa1a7d | - |
| | grafana-influxdb-6.7.4-3.el8.aarch64.rpm | ccb4eb4fc1bf9a50e2bcf74861a38c23 | - |
| | grafana-loki-6.7.4-3.el8.aarch64.rpm | a124c323a6ed631516c313ad3eb091a0 | - |
| | grafana-mssql-6.7.4-3.el8.aarch64.rpm | 512de79077636b40d99167536fa69743 | - |
| | grafana-mysql-6.7.4-3.el8.aarch64.rpm | 705d0bdf111b7c70a69c6c0b19d3e71a | - |
| | grafana-opentsdb-6.7.4-3.el8.aarch64.rpm | ab06a30e188523a7930c42d73b45cca7 | - |
| | grafana-postgres-6.7.4-3.el8.aarch64.rpm | 99db2d692bfe685e4634c26f9bd5c5fb | - |
| | grafana-prometheus-6.7.4-3.el8.aarch64.rpm | ad140bdb4323eb7b345575c403838921 | - |
| | grafana-stackdriver-6.7.4-3.el8.aarch64.rpm | b6768f30df150878406d2066961c5776 | - |
| Oracle Linux 8 (x86_64) | grafana-6.7.4-3.el8.src.rpm | cfbb542c192328636d86768d3d75034a | - |
| | grafana-6.7.4-3.el8.x86_64.rpm | bbf4e807fbc8083f0f397b1284a3d7ec | - |
| | grafana-azure-monitor-6.7.4-3.el8.x86_64.rpm | 0c9588878df1c5aba0e157da67d94d27 | - |
| | grafana-cloudwatch-6.7.4-3.el8.x86_64.rpm | 9cf05bc5ee938327f309d1c731315e86 | - |
| | grafana-elasticsearch-6.7.4-3.el8.x86_64.rpm | e4b167727da92339bb7d690082d57591 | - |
| | grafana-graphite-6.7.4-3.el8.x86_64.rpm | df09aee5a64c29d40c3321607182df2c | - |
| | grafana-influxdb-6.7.4-3.el8.x86_64.rpm | fe7c3b2c19c05057c235a75ad0246b01 | - |
| | grafana-loki-6.7.4-3.el8.x86_64.rpm | 75ae64882bc9ad3146678ade52997393 | - |
| | grafana-mssql-6.7.4-3.el8.x86_64.rpm | 3a46cb9ac2d6022b3a41548889073294 | - |
| | grafana-mysql-6.7.4-3.el8.x86_64.rpm | 7c5ee666142017a3332b9014a7f388e4 | - |
| | grafana-opentsdb-6.7.4-3.el8.x86_64.rpm | e9a0a92813b3c66964207c7101b95097 | - |
| | grafana-postgres-6.7.4-3.el8.x86_64.rpm | 06001c54085413cc94eaa7b8c600782d | - |
| | grafana-prometheus-6.7.4-3.el8.x86_64.rpm | f735278b57c783c1dc11c2f72f49e17c | - |
| | grafana-stackdriver-6.7.4-3.el8.x86_64.rpm | 89d7bd42298266716020264b07eb24eb | - |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.