[ALSA-2023:2784] Moderate: grafana security update
Type:
security
Severity:
moderate
Release date:
2023-05-19
Description:
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880) * golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664) * grafana: using email as a username can block other users from signing in (CVE-2022-39229) * golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 grafana-7.5.15-4.el8.aarch64.rpm a8081caaeeeee25ec2a06e6117dd57f803b1592c0086ffc9658a2b57959e5fa7
ppc64le grafana-7.5.15-4.el8.ppc64le.rpm 5665f081014768b95f5ae923607a4ae4544e87bdc1289c91e1a2fed40c669cf2
s390x grafana-7.5.15-4.el8.s390x.rpm e8151cd3199d241ef2f1d4be520baa86cbc6edd9d778f6ec810ccbf3277c19ed
x86_64 grafana-7.5.15-4.el8.x86_64.rpm 1a3651fd3a7bdb252af218a34bd7906e3aa1c886c692433071b585131a89e8cf
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.