[ALSA-2026:3035] Important: grafana-pcp security update
Type:
security
Severity:
important
Release date:
2026-02-26
Description:
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): * crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729) * golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726) * crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 grafana-pcp-5.3.0-2.el10_1.aarch64.rpm 178276d05a00ea9e534dda357bfd593749053327a52e78b22a3db23625dc27c7
ppc64le grafana-pcp-5.3.0-2.el10_1.ppc64le.rpm e555e9cdb87823695db4396163771a8210b53b6c3c5dcf2f2e2cad5ac3f99b9d
s390x grafana-pcp-5.3.0-2.el10_1.s390x.rpm efecdca3ca5477a074b70006a5059ebafa1669632d092a425f0e1c06ab444a6d
x86_64 grafana-pcp-5.3.0-2.el10_1.x86_64.rpm 39b70716d1695b70ed000d1a24ffe21ae0c8b787a4ffffe1bc6e36f4a7a6d009
x86_64_v2 grafana-pcp-5.3.0-2.el10_1.x86_64_v2.rpm 53047a556024b078e4c554a5e8594830a11a2dc7f183a795882a5b725ee4f01a
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.