ALSA-2026:19352

[ALSA-2026:19352] Important: grafana security update

Type:

security

Severity:

important

Release date:

2026-05-26

Description:

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.   

Security Fix(es):  

  * grafana: Grafana: Information disclosure of data-source passwords via public dashboards (CVE-2026-27877)
  * golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282)
  * crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	grafana-10.2.6-22.el9_8.aarch64.rpm	0e61e4b3232fd1afe98ab55f134a6ef7cbbb42a551d7f20a9c68a8770f85eed7
aarch64	grafana-selinux-10.2.6-22.el9_8.aarch64.rpm	d42d5dbac763570a13ff9e5894d66246d6062ac176259dcdfae92fd13a312e4b
ppc64le	grafana-selinux-10.2.6-22.el9_8.ppc64le.rpm	a91ec0736d3aec06b09ee255542b9eb85cdedf85fec0246fb37e60ce118135ee
ppc64le	grafana-10.2.6-22.el9_8.ppc64le.rpm	d48bc1853182433adaba1c5b7cab3b604cdcec817cf408a264ecce2903ebbe99
s390x	grafana-selinux-10.2.6-22.el9_8.s390x.rpm	807eb05e0c1005ad1b1fcab49c11721ea9c8342a04bad2e343650fe657af4735
s390x	grafana-10.2.6-22.el9_8.s390x.rpm	eead7566c4819529d0e647dd7bdc4a0828ebf0e5a8c407451a86bc834b85b215
x86_64	grafana-selinux-10.2.6-22.el9_8.x86_64.rpm	82215c65588dcec00cfa1e8edcc065d57b858e473b91afb67b71779728e3e9e4
x86_64	grafana-10.2.6-22.el9_8.x86_64.rpm	bf3d78f48e180238482f38c372a1ba898891248eb7f780d3294f033743d3a12f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.