[ALSA-2023:5863] Moderate: grafana security update
Type:
security
Severity:
moderate
Release date:
2023-10-19
Description:
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) A AlmaLinux Security Bulletin which addresses further details about this flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 grafana-7.5.15-5.el8_8.alma.1.aarch64.rpm 9e13caa191c8893cb74816188b0d17c8ea14da0d7fc1f10f52b801a0a264241e
ppc64le grafana-7.5.15-5.el8_8.alma.1.ppc64le.rpm 17e00ea66488e77e718829fcfb0a80b1d2e8d35a9e9049438fc0b1c06eb1ad95
s390x grafana-7.5.15-5.el8_8.alma.1.s390x.rpm 9a8b319eedc9291db41b655b48955e8a89ad3e444105c9355c0b4e951d7b6e58
x86_64 grafana-7.5.15-5.el8_8.alma.1.x86_64.rpm d65be35ee8a09a73abe6d5bec57314cda73ef04db5fdc4df9e4d2132913cfb04
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.