ALSA-2026:2914

[ALSA-2026:2914] Important: grafana security update

Type:

security

Severity:

important

Release date:

2026-02-19

Description:

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.   

Security Fix(es):  

  * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
  * grafana/grafana/pkg/services/dashboards: Grafana Dashboard Permissions Scope Bypass Enables Cross?Dashboard Privilege Escalation (CVE-2026-21721)
  * golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
  * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	grafana-10.2.6-22.el10_1.aarch64.rpm	2500e670f685b421ab1818b0b1cf55746cd3ca4d8d5eec56e8b08507e84ac09f
aarch64	grafana-selinux-10.2.6-22.el10_1.aarch64.rpm	f49b1f4de6fee3902298878e3f736f709b985b781b352858e7b1be4ad023b2bf
ppc64le	grafana-selinux-10.2.6-22.el10_1.ppc64le.rpm	4d17dfecc9c98c2e78a25c21c0eec2ccf390f45b18c93b02c1e4ef72192fcbca
ppc64le	grafana-10.2.6-22.el10_1.ppc64le.rpm	c5ff0b7cc38942d37e34e770e9ecac1244467f4c06c8053e4713e91892291056
s390x	grafana-10.2.6-22.el10_1.s390x.rpm	464b99144ec4e9806490a163919661d0813e279b3e38794c550ad96161f967c8
s390x	grafana-selinux-10.2.6-22.el10_1.s390x.rpm	f6d80d703f18aa6062a0ed8cb3d050bb270443bdc6897aff835ce90d0ddeaceb
x86_64	grafana-10.2.6-22.el10_1.x86_64.rpm	af5613c82f3dd77e97b00dc80901b250a8e5a34ed0a124ccf3860a7ccacf3b30
x86_64	grafana-selinux-10.2.6-22.el10_1.x86_64.rpm	c7e5f93609b393e11678bd44c089e64db9275bb2889bc8f6ea1ca6fefec3fd33
x86_64_v2	grafana-10.2.6-22.el10_1.x86_64_v2.rpm	a67dbec71766eed49f84e4c5f66119644c5983a62274ef24f28c9b4785b10e9d
x86_64_v2	grafana-selinux-10.2.6-22.el10_1.x86_64_v2.rpm	a77c1483eace69c304d66c41b2287d883ce79e1dbb4aebe2f360791aad5f3ee4

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.