[ALSA-2024:9473] Important: grafana security update
Type: security
Severity: important
Release date: 2024-11-18
Description:
Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 grafana-selinux-10.2.6-7.el9_5.aarch64.rpm 139ac279199ee04b3d03929274c0de9cd6114b27ea00d6f76071818adc6ca14d
aarch64 grafana-10.2.6-7.el9_5.aarch64.rpm e6aed252aa52049375d2253a72b002d8392d991e6d2baf703a9d86a496b4e00f
ppc64le grafana-selinux-10.2.6-7.el9_5.ppc64le.rpm afbc4709e87fd3204b43bf0b8776d1d28fc27b8e8055433f75f2769120b21959
ppc64le grafana-10.2.6-7.el9_5.ppc64le.rpm da2d82e4fcb26f9ce8d9d3ea617b4e549bcb3d41022db588c13638723f24720a
s390x grafana-10.2.6-7.el9_5.s390x.rpm ba0548bd3dde3ad8c5b1f1b329525947398c069d43a02c3387fb05b0c3f6c26d
s390x grafana-selinux-10.2.6-7.el9_5.s390x.rpm ef86fe87d2e11405e02d5eb6af560bb895b519cb72d50712c36489d0d11792f6
x86_64 grafana-selinux-10.2.6-7.el9_5.x86_64.rpm 4983e17da92e39f35cd5652bd8682687ffe887141ae1bfa703658b21ce7dd97b
x86_64 grafana-10.2.6-7.el9_5.x86_64.rpm 9afa5ab669325b79c836354b2ac99cd6687bb2c11cc67586fb339651ee1742b8
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.