ALSA-2025:8916

[ALSA-2025:8916] Moderate: grafana-pcp security update

Type:

security

Severity:

moderate

Release date:

2025-07-02

Description:

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.  

Security Fix(es):  

  * net/[http:](http:) Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	grafana-pcp-5.1.1-11.el9_6.aarch64.rpm	8868b6d580cffaf3a41148687327d10570125cde3cead510376d447cb9fd4474
ppc64le	grafana-pcp-5.1.1-11.el9_6.ppc64le.rpm	f4e439306ac1ff3ab2888af47b30864b750e682b324983442aff55a51d2fab24
s390x	grafana-pcp-5.1.1-11.el9_6.s390x.rpm	0beac1f59603a59981764882a9f7e2951f96f00b94192b18e333f354457574d7
x86_64	grafana-pcp-5.1.1-11.el9_6.x86_64.rpm	cf50b756a5af9e6e8eecb5abf69ec310e546ec43d8b269a816fc9d6de90f4717

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.