openSUSE Security Update: Security update for grafana
______________________________________________________________________________
Announcement ID: openSUSE-SU-2020:1611-1
Rating: moderate
References: #1044444 #1044933 #1115960 #1170557
Cross-References: CVE-2018-19039 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379
Affected Products:
openSUSE Backports SLE-15-SP1
______________________________________________________________________________
An update that fixes four vulnerabilities is now available.
Description:
This update for grafana fixes the following issues:
grafana was updated to version 7.1.5:
* Features / Enhancements
– Stats: Stop counting the same user multiple times.
– Field overrides: Filter by field name using regex.
– AzureMonitor: map more units.
– Explore: Don’t run queries on datasource change.
– Graph: Support setting field unit & override data source (automatic)
unit.
– Explore: Unification of logs/metrics/traces user interface
– Table: JSON Cell should try to convert strings to JSON
– Variables: enables cancel for slow query variables queries.
– TimeZone: unify the time zone pickers to one that can rule them all.
– Search: support URL query params.
– Grafana-UI: Add FileUpload.
– TablePanel: Sort numbers correctly.
* Bug fixes
– Alerting: remove LongToWide call in alerting.
– AzureMonitor: fix panic introduced in 7.1.4 when unit was
unspecified and alias was used.
– Variables: Fixes issue with All variable not being resolved.
– Templating: Fixes so texts show in picker not the values.
– Templating: Fix undefined result when using raw
interpolation format
– TextPanel: Fix content overflowing panel boundaries.
– StatPanel: Fix stat panel display name not showing when explicitly
set.
– Query history: Fix search filtering if null value.
– Flux: Ensure connections to InfluxDB are closed.
– Dashboard: Fix for viewer can enter panel edit mode by modifying url
(but cannot save anything).
– Prometheus: Fix prom links in mixed mode.
– Sign In: Use correct url for the Sign In button.
– StatPanel: Fixes issue with name showing for single series / field
results
– BarGauge: Fix space bug in single series mode.
– Auth: Fix POST request failures with anonymous access
– Templating: Fix recursive loop of template variable queries when
changing ad-hoc-variable
– Templating: Fixed recursive queries triggered when switching
dashboard settings view
– GraphPanel: Fix annotations overflowing panels.
– Prometheus: Fix performance issue in processing of histogram labels.
– Datasources: Handle URL parsing error.
– Security: Use Header.Set and Header.Del for X-Grafana-User header.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
– openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-1611=1
Package List:
– openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):
grafana-7.1.5-bp151.2.1
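Added example (not part of the original announcement): a shell check that compares installed grafana builds against the fixed version-release from the Package List above and reports hosts that still need the patch. The host names, the "host version-release" inventory format and the function names are assumptions made for illustration; the inventory is constructed sample data.

```shell
#!/bin/sh
# Fixed build, taken from this advisory's Package List.
FIXED="7.1.5-bp151.2.1"

# Return 0 if version-release $1 is >= $2.
# Uses GNU `sort -V`, which approximates (but is not identical to)
# RPM's own version comparison; good enough for grafana's x.y.z-release form.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    lowest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)
    [ "$lowest" = "$2" ]
}

# Read "host version-release" lines on stdin and print the hosts whose
# grafana package predates the fixed build. Hosts without grafana are skipped.
unpatched_hosts() {
    while read -r host vr; do
        [ -n "$host" ] || continue
        [ "$vr" = "not-installed" ] && continue
        ver_ge "$vr" "$FIXED" || printf '%s %s\n' "$host" "$vr"
    done
}

# Report the state of the local machine by querying the RPM database.
local_status() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm-unavailable"; return 0; }
    vr=$(rpm -q --qf '%{VERSION}-%{RELEASE}' grafana 2>/dev/null) \
        || { echo "not-installed"; return 0; }
    if ver_ge "$vr" "$FIXED"; then
        echo "patched $vr"
    else
        echo "unpatched $vr"
    fi
}

# Constructed inventory (hypothetical hosts), e.g. collected with
# `rpm -q --qf '%{VERSION}-%{RELEASE}' grafana` on each machine.
SAMPLE_INVENTORY='mon01 7.1.5-bp151.2.1
mon02 6.7.3-bp151.1.1
mon03 7.0.3-bp151.1.4
mon04 not-installed'

printf '%s\n' "$SAMPLE_INVENTORY" | unpatched_hosts
local_status
```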
References:
https://www.suse.com/security/cve/CVE-2018-19039.html
https://www.suse.com/security/cve/CVE-2019-15043.html
https://www.suse.com/security/cve/CVE-2020-12245.html
https://www.suse.com/security/cve/CVE-2020-13379.html
https://bugzilla.suse.com/1044444
https://bugzilla.suse.com/1044933
https://bugzilla.suse.com/1115960
https://bugzilla.suse.com/1170557