[ALSA-2024:6946] Important: grafana-pcp security update
Type:
security
Severity:
important
Release date:
2024-09-24
Description:
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 grafana-pcp-5.1.1-3.el9_4.aarch64.rpm d304fa97b7c03d1d4976ebda115a375d7bb50945fc68fc5e3e67d1e1a6611621
ppc64le grafana-pcp-5.1.1-3.el9_4.ppc64le.rpm 48ce823750b0fc79f93d328eaee0d79740975f25bbf54efd64cb20f74e51ecaf
s390x grafana-pcp-5.1.1-3.el9_4.s390x.rpm a952716b1fcf60c9ad31298104ee6a06aeafe1c1e5309aea987873a40d33eb69
x86_64 grafana-pcp-5.1.1-3.el9_4.x86_64.rpm 1c97f5bc357614489f6e7f38941f7dec438a5c80153723723e9962c20790e83f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.