8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
An update that fixes four vulnerabilities is now available.
Description:
This update for grafana fixes the following issues:
grafana was updated to version 7.1.5:
* Features / Enhancements
- Stats: Stop counting the same user multiple times.
- Field overrides: Filter by field name using regex.
- AzureMonitor: map more units.
- Explore: Don't run queries on datasource change.
- Graph: Support setting field unit & override data source (automatic)
unit.
- Explore: Unification of logs/metrics/traces user interface
- Table: JSON Cell should try to convert strings to JSON
- Variables: enables cancel for slow query variables queries.
- TimeZone: unify the time zone pickers to one that can rule them all.
- Search: support URL query params.
- Grafana-UI: Add FileUpload.
- TablePanel: Sort numbers correctly.
* Bug fixes
- Alerting: remove LongToWide call in alerting.
- AzureMonitor: fix panic introduced in 7.1.4 when unit was
unspecified and alias was used.
- Variables: Fixes issue with All variable not being resolved.
- Templating: Fixes so texts show in picker not the values.
- Templating: Templating: Fix undefined result when using raw
interpolation format
- TextPanel: Fix content overflowing panel boundaries.
- StatPanel: Fix stat panel display name not showing when explicitly
set.
- Query history: Fix search filtering if null value.
- Flux: Ensure connections to InfluxDB are closed.
- Dashboard: Fix for viewer can enter panel edit mode by modifying url
(but cannot not save anything).
- Prometheus: Fix prom links in mixed mode.
- Sign In Use correct url for the Sign In button.
- StatPanel: Fixes issue with name showing for single series / field
results
- BarGauge: Fix space bug in single series mode.
- Auth: Fix POST request failures with anonymous access
- Templating: Fix recursive loop of template variable queries when
changing ad-hoc-variable
- Templating: Fixed recursive queries triggered when switching
dashboard settings view
- GraphPanel: Fix annotations overflowing panels.
- Prometheus: Fix performance issue in processing of histogram labels.
- Datasources: Handle URL parsing error.
- Security: Use Header.Set and Header.Del for X-Grafana-User header.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Backports SLE-15-SP1:
zypper in -t patch openSUSE-2020-1611=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Backports SLE | 15-SP1 | aarch64 | - opensuse backports sle | < 15-SP1 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):.aarch64.rpm |
openSUSE Backports SLE | 15-SP1 | ppc64le | - opensuse backports sle | < 15-SP1 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm |
openSUSE Backports SLE | 15-SP1 | s390x | - opensuse backports sle | < 15-SP1 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):.s390x.rpm |
openSUSE Backports SLE | 15-SP1 | x86_64 | - opensuse backports sle | < 15-SP1 (aarch64 ppc64le s390x x86_64): | - openSUSE Backports SLE-15-SP1 (aarch64 ppc64le s390x x86_64):.x86_64.rpm |
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P