Re: Grafana version

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Finally following up on this. I missed the replies. Thank you for this. Is there any clues as to what image the original is derived from? I guess I’m looking to see if there’s a drop in replacement that would get me around these security alerts without having to build my own.

FYI, this one gets flagged as well, which seems to affect the community version:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27358

-jeremy

> On Tuesday, Jan 11, 2022 at 6:22 AM, Alfonso Martinez Hidalgo <almartin@xxxxxxxxxx (mailto:almartin@xxxxxxxxxx)> wrote:
> Hi Jeremy,
>
> Thanks for the heads up!
>
> I cannot open the provided links.
>
> AFAIK you can set a custom grafana image by running:
>
> ceph config set mgr mgr/cephadm/container_image_grafana <url-to-your-image>
>
> and then re-deploying the service. Plase see:
> https://docs.ceph.com/en/pacific/cephadm/services/monitoring/#using-custom-images
>
> Regards,
> On Tue, Jan 4, 2022 at 4:14 AM Jeremy Hansen <jeremy@xxxxxxxxxx (mailto:jeremy@xxxxxxxxxx)> wrote:
> > I’m running 16.2.7 Pacific with Cephadm. Is there a way to upgrade an individual component without breaking orchestration? I’m just trying to clean up security issues and my scanner found problems with the version of Grafana Ceph deploys:
> >
> > CVE
> > CVE-2021-28148 (https://gsa.la1.clx.corp/cve/CVE-2021-28148)
> >
> > CERT
> >
> > DFN-CERT-2021-1741 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1741)DFN-CERT-2021-1739 (https://gsa.la1.clx.corp/dfncert/DFN-CERT-2021-1739)CB-K21/0293 (https://gsa.la1.clx.corp/certbund/CB-K21%2F0293)
> >
> > Summary
> > Grafana is prone to a denial of service (DoS) vulnerability.
> >
> > Detection Result
> > Installed version: 6.7.4 Fixed version: 6.7.6 Installation path / port: /
> >
> > Thanks
> > -jeremy
> >
> > _______________________________________________
> > ceph-users mailing list -- ceph-users@xxxxxxx (mailto:ceph-users@xxxxxxx)
> > To unsubscribe send an email to ceph-users-leave@xxxxxxx (mailto:ceph-users-leave@xxxxxxx)
>
>
> --
>
> Alfonso Martínez
>
>
> Senior Software Engineer, Ceph Storage
>
>
> Red Hat (https://www.redhat.com)
>
>
>
>
>
>
>
>
>
>
>
>


_______________________________________________
ceph-users mailing list -- ceph-users@xxxxxxx
To unsubscribe send an email to ceph-users-leave@xxxxxxx
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Ceph Dev]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux