[ALSA-2023:5867] Moderate: grafana security update
Type:
security
Severity:
moderate
Release date:
2023-10-19
Description:
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB. Security Fix(es): * HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) * golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-39325) A AlmaLinux Security Bulletin which addresses further details about this flaw is available in the References section. For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 grafana-9.0.9-4.el9_2.alma.1.aarch64.rpm b09a8851157a8a8a97bab7549784240eb582ae60c57417c11fa80136c668b572
ppc64le grafana-9.0.9-4.el9_2.alma.1.ppc64le.rpm 884e624f2e9726e007e8fe0bf3979742c1f3f7721d4ad524ca40139ce283810c
s390x grafana-9.0.9-4.el9_2.alma.1.s390x.rpm b9795802046374bb7a9882f6d65c851678f4ede64ab8870d9360e8a661cd3939
x86_64 grafana-9.0.9-4.el9_2.alma.1.x86_64.rpm 08583c3d4e7c5e3bb668461b99c0d85cd2f6c372eb8285d597f574eb564885bd
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.