Red Hat Product Errata RHSA-2022:0002 - Security Advisory
Issued:
2022-01-03
Updated:
2022-01-03

RHSA-2022:0002 - Security Advisory

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 8.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4 x86_64

Fixes

  • BZ - 2030801 - CVE-2021-44716 golang: net/http: limit growth of header canonicalization cache

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.4

SRPM
grafana-7.3.6-4.el8_4.src.rpm SHA-256: 0c7797071ba324e225484d51edf9383a8fa8113479f1efa66ab9158f979f46a2
x86_64
grafana-7.3.6-4.el8_4.x86_64.rpm SHA-256: 26cef130c6efd76bac387a39a02f7ddae0d49ced0cb6550adba5dc1c2da5c170
grafana-debuginfo-7.3.6-4.el8_4.x86_64.rpm SHA-256: f41cd44bad47a6850a534629c1c6d53e7453b63ec063d4a77be4b313c0e1dc36

Red Hat Enterprise Linux Server - AUS 8.4

SRPM
grafana-7.3.6-4.el8_4.src.rpm SHA-256: 0c7797071ba324e225484d51edf9383a8fa8113479f1efa66ab9158f979f46a2
x86_64
grafana-7.3.6-4.el8_4.x86_64.rpm SHA-256: 26cef130c6efd76bac387a39a02f7ddae0d49ced0cb6550adba5dc1c2da5c170
grafana-debuginfo-7.3.6-4.el8_4.x86_64.rpm SHA-256: f41cd44bad47a6850a534629c1c6d53e7453b63ec063d4a77be4b313c0e1dc36

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.4

SRPM
grafana-7.3.6-4.el8_4.src.rpm SHA-256: 0c7797071ba324e225484d51edf9383a8fa8113479f1efa66ab9158f979f46a2
s390x
grafana-7.3.6-4.el8_4.s390x.rpm SHA-256: 3e03a9a453d4ffc48011d4b327f81ce45d3310436da64797169f0b849a943669
grafana-debuginfo-7.3.6-4.el8_4.s390x.rpm SHA-256: 2a883524a678628f3e585c6fd58068aa7a75ce18d3cb15b4d9aeffb21271537e

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.4

SRPM
grafana-7.3.6-4.el8_4.src.rpm SHA-256: 0c7797071ba324e225484d51edf9383a8fa8113479f1efa66ab9158f979f46a2
ppc64le
grafana-7.3.6-4.el8_4.ppc64le.rpm SHA-256: 8c824327c67bc7a3dd84d379694319abf62b97b4df603e25b4311fd46cd6b16c
grafana-debuginfo-7.3.6-4.el8_4.ppc64le.rpm SHA-256: c6e6f228c38ae32e64d14bc5250552011e24760e2abcbbab8d73eab939afeea3

Red Hat Enterprise Linux Server - TUS 8.4

SRPM
grafana-7.3.6-4.el8_4.src.rpm SHA-256: 0c7797071ba324e225484d51edf9383a8fa8113479f1efa66ab9158f979f46a2
x86_64
grafana-7.3.6-4.el8_4.x86_64.rpm SHA-256: 26cef130c6efd76bac387a39a02f7ddae0d49ced0cb6550adba5dc1c2da5c170
grafana-debuginfo-7.3.6-4.el8_4.x86_64.rpm SHA-256: f41cd44bad47a6850a534629c1c6d53e7453b63ec063d4a77be4b313c0e1dc36

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.4

SRPM
grafana-7.3.6-4.el8_4.src.rpm SHA-256: 0c7797071ba324e225484d51edf9383a8fa8113479f1efa66ab9158f979f46a2
aarch64
grafana-7.3.6-4.el8_4.aarch64.rpm SHA-256: a09306e0c06d48036cba82100a526cda1fc41e1c2077576c152e1d6b6bef9d79
grafana-debuginfo-7.3.6-4.el8_4.aarch64.rpm SHA-256: 490216f4fedacd55b7e367e1136f5a0008f3be9572e179835ff321e593f9057c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.4

SRPM
grafana-7.3.6-4.el8_4.src.rpm SHA-256: 0c7797071ba324e225484d51edf9383a8fa8113479f1efa66ab9158f979f46a2
ppc64le
grafana-7.3.6-4.el8_4.ppc64le.rpm SHA-256: 8c824327c67bc7a3dd84d379694319abf62b97b4df603e25b4311fd46cd6b16c
grafana-debuginfo-7.3.6-4.el8_4.ppc64le.rpm SHA-256: c6e6f228c38ae32e64d14bc5250552011e24760e2abcbbab8d73eab939afeea3

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.4

SRPM
grafana-7.3.6-4.el8_4.src.rpm SHA-256: 0c7797071ba324e225484d51edf9383a8fa8113479f1efa66ab9158f979f46a2
x86_64
grafana-7.3.6-4.el8_4.x86_64.rpm SHA-256: 26cef130c6efd76bac387a39a02f7ddae0d49ced0cb6550adba5dc1c2da5c170
grafana-debuginfo-7.3.6-4.el8_4.x86_64.rpm SHA-256: f41cd44bad47a6850a534629c1c6d53e7453b63ec063d4a77be4b313c0e1dc36

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.