ALSA-2025:8918

[ALSA-2025:8918] Moderate: grafana-pcp security update

Type:

security

Severity:

moderate

Release date:

2025-07-02

Description:

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.  

Security Fix(es):  

  * net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	grafana-pcp-5.1.1-10.el8_10.aarch64.rpm	2b9b40e5c725a6dfcaa05f0b4448c1befdb19ab2e9e74b77489436a7be0ee488
ppc64le	grafana-pcp-5.1.1-10.el8_10.ppc64le.rpm	399da2df9d9533dad9df27ae23b389bd67f718e59136504e30801ef30ee2ac09
s390x	grafana-pcp-5.1.1-10.el8_10.s390x.rpm	17e4548a4252ab54e4423f30841639c1bad3024ed8893dd68dffcacbf08fbd48
x86_64	grafana-pcp-5.1.1-10.el8_10.x86_64.rpm	1bacb4e57262990c2dff66023ede08f9513a8d1a3bddcaf5b89fb7a4240f99a3

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.