SUSE-SU-2025:0623-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-20250623-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0623-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:0623-1
Related
Published
2025-02-21T11:00:07Z
Modified
2025-05-02T04:36:17.013658Z
Upstream
  • CVE-2024-11741
Summary
Security update for grafana
Details

This update for grafana fixes the following issues:

grafana was updated from version 10.4.13 to 10.4.15:

  • Security issues fixed:
    • CVE-2024-45339: Fixed vulnerability when creating log files (bsc#1236559)
    • CVE-2024-11741: Fixed the Grafana Alerting VictorOps integration (bsc#1236734)
    • CVE-2025-21613: Removed vulnerable library github.com/go-git/go-git/v5 (bsc#1235574)
    • CVE-2024-28180: Fixed improper handling of highly compressed data (bsc#1235206)
  • Other bugs fixed and changes:
    • Alerting: Do not fetch Orgs if the user is authenticated by apikey/sa or render key
    • Added provisioning directories
    • Use /bin/bash in wrapper scripts
References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / grafana

Package

Name
grafana
Purl
pkg:rpm/suse/grafana&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.4.15-150200.3.64.1

Ecosystem specific 

{
    "binaries": [
        {
            "grafana": "10.4.15-150200.3.64.1"
        }
    ]
}

openSUSE:Leap 15.6 / grafana

Package

Name
grafana
Purl
pkg:rpm/opensuse/grafana&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
10.4.15-150200.3.64.1

Ecosystem specific 

{
    "binaries": [
        {
            "grafana": "10.4.15-150200.3.64.1"
        }
    ]
}