[ALSA-2022:8250] Moderate: grafana-pcp security update
Release date:
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

* golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
* golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
* golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
* golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
* golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 grafana-pcp-3.2.0-3.el9.aarch64.rpm c2ff690b1887fe0f8ddb73ede3db978addc5f7e8a53d3b9be2d42629e416409a
ppc64le grafana-pcp-3.2.0-3.el9.ppc64le.rpm ed9b0ee720680fefef4e3e9abc23eea4406d1551754dca5f902e954d0558fa95
s390x grafana-pcp-3.2.0-3.el9.s390x.rpm 2923a16af2b40a408f83362bd9652420b172807e92f0a05f3905490d04032f3a
x86_64 grafana-pcp-3.2.0-3.el9.x86_64.rpm e15a7b876ccef351315221d600cfee655fc871a6cd4fcc1a7d681f949c850631
