[ALSA-2024:9472] Important: grafana-pcp security update
Type:
security
Severity:
important
Release date:
2024-11-18
Description:
The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): * encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 grafana-pcp-5.1.1-9.el9_5.aarch64.rpm ac414d342cf242205367aefc60e3b585cf1f56fab543b097311a802afc87960f
ppc64le grafana-pcp-5.1.1-9.el9_5.ppc64le.rpm 3cec3806f8e4c68b4209a84356073fea01b5f261dea2d4ebf6268a0975f20da6
s390x grafana-pcp-5.1.1-9.el9_5.s390x.rpm ca2e11da0c4fa812a32055a23a31c545dd2ed39aa7ed07ea258ca1ab76297757
x86_64 grafana-pcp-5.1.1-9.el9_5.x86_64.rpm 2e7fc9e805be501ecc4aa9878b95e5e1d6d6682d7a5fc943e6f331520412c6fc
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.