RHSA-2019:0019 - Security Advisory
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
The updated grafana package is now available for Red Hat Ceph Storage 3.2.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
The grafana package provides the Grafana metrics dashboard and graph editor.
- grafana: authentication bypass knowing only a username of an LDAP or OAuth user (CVE-2018-15727)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
- The grafana package has been upgraded to upstream version 5.2.4., which includes a number of bug fixes (BZ#1647494)
- Shrinking the cluster size no longer causes the Red Hat Ceph Storage Dashboard to display the error message Templating init failed (BZ#1653273)
For details on how to apply this update, which includes the changes described in this advisory, refer to:
- Red Hat Enterprise Linux Server 7 x86_64
- BZ - 1624088 - CVE-2018-15727 grafana: authentication bypass knowing only a username of an LDAP or OAuth user
- BZ - 1633825 - Add ceph FS support in ceph metrics
- BZ - 1647494 - Update grafana to latest for security fixes
- BZ - 1647496 - Remove golang dependency from grafana
- BZ - 1652427 - [ceph-metrics]Change password is not working
- BZ - 1653273 - Metrics dashboard is throwing "Templating init failed" error after rerunning metrics playbook
Red Hat Enterprise Linux Server 7