Sick Codes - Security Research, Hardware & Software Hacking, Consulting, Linux, IoT, Cloud, Embedded, Arch, Tweaks & Tips!

Fix DIVD-2022-00002: Grafana versions 8.0.0-beta1 through 8.3.0 installed via dpkg/deb package. Mitigation:

by Sick Codes
January 21, 2022
in Security
Fix DIVD-2022-00002 - Grafana Upgrade Mitigation

In response to the amazing work by @j0v0x0 “Jordy Versmissen” from Detectify, the double-amazing Dutch Institute for Vulnerability Disclosure, known as DIVD CSIRT, contacted thousands of ISP/IP/Webmasters to resolve the issue.

This mitigation assists those who are on Ubuntu 18.04, 20.04, etc., and used the .deb package to install Grafana.

This mitigation is GPLv2 and has ABSOLUTELY NO WARRANTY: your application may break.

apt update -y
apt upgrade -y

If, after the above, your version remains the same and you cannot upgrade Grafana, you may have installed it from the Debian package, so you have to update it manually or add the Grafana OSS repo to your Debian sources, as shown below.

For example:

grafana-server -v
# Version 8.0.5 (commit: cbb2aa5001, branch: HEAD)

apt update && apt upgrade -y

grafana-server -v
# Version 8.0.5 (commit: cbb2aa5001, branch: HEAD)

Same version, right? 8.0.5 == 8.0.5

This means you may have used the .deb package to install Grafana.

You could go to Grafana.com and wget the latest .deb but you’ll have to do this every single time!

Therefore, the most secure option is to simply add the Grafana package repo:

apt install -y apt-transport-https
apt install -y software-properties-common wget
wget -q -O - https://packages.grafana.com/gpg.key | apt-key add -
tee /etc/apt/sources.list.d/grafana.list <<< "deb https://packages.grafana.com/oss/deb stable main"
apt update -y
apt install grafana -y

Now let’s see if the newest version is available:

apt list | grep grafana

# WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

# grafana-enterprise/stable 7.0.0 amd64
# grafana/stable 8.3.4 amd64 [upgradable from: 8.0.5]

This lets you jump from 8.0.5 to 8.3.4.

apt upgrade -y

Now check the version:

grafana-server -v
# Version 8.3.4 (commit: a551d74b11, branch: HEAD)

Done!
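
As an added example (not part of the original post), the manual check above can be scripted for use across several hosts: parse the `grafana-server -v` line, test the version against the 8.0.0-beta1 through 8.3.0 range from the title, and look for an active Grafana apt source. The function names and the sample line are constructed, and dropping pre-release suffixes is an assumption noted in the code.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Extract "8.0.5" from: Version 8.0.5 (commit: cbb2aa5001, branch: HEAD)
grafana_version() {
    awk '$1 == "Version" { print $2; exit }'
}

# Exit 0 if the version lies in 8.0.0-beta1 .. 8.3.0, 1 if not, 2 if unparsable.
# Assumption: pre-release suffixes (-beta1, ~beta1) are dropped, so any
# 8.0.0-* or 8.3.0-* build is conservatively counted as in range.
in_affected_range() {
    local core major minor patch n
    core="${1%%[-+~]*}"
    IFS=. read -r major minor patch <<EOF
$core
EOF
    for n in "$major" "$minor" "$patch"; do
        case $n in ''|*[!0-9]*) return 2 ;; esac
    done
    [ "$major" -eq 8 ] || return 1
    [ "$minor" -lt 3 ] && return 0
    [ "$minor" -eq 3 ] && [ "$patch" -eq 0 ]
}

# Exit 0 if an active "deb" line under the apt root names the Grafana repo.
has_grafana_repo() {
    local root="${1:-/etc/apt}"
    grep -rEqs '^[[:space:]]*deb[[:space:]].*packages\.grafana\.com' \
        "$root/sources.list" "$root/sources.list.d"
}

triage() {  # usage: triage "<output of grafana-server -v>" [apt root]
    local v rc=0
    v=$(printf '%s\n' "$1" | grafana_version)
    in_affected_range "$v" || rc=$?
    case $rc in
        1) echo "ok $v" ;;
        2) echo "unknown version" ;;
        0) if has_grafana_repo "${2:-/etc/apt}"; then
               echo "affected $v: repo present, run apt update && apt upgrade"
           else
               echo "affected $v: no Grafana apt source, add the repo first"
           fi ;;
    esac
}

# Constructed sample line in the shape shown in the post.
triage "Version 8.0.5 (commit: cbb2aa5001, branch: HEAD)"
```

On a real host, pass `"$(grafana-server -v)"` as the first argument instead of the sample line.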
