Issued:: 2022-07-26
Updated:: 2022-07-26

RHSA-2022:5717 - Security Advisory

Overview
Updated Packages

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

grafana: OAuth account takeover (CVE-2022-31107)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
Red Hat Enterprise Linux Server - AUS 8.6 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
Red Hat Enterprise Linux Server - TUS 8.8 x86_64
Red Hat Enterprise Linux Server - TUS 8.6 x86_64
Red Hat Enterprise Linux for ARM 64 8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

BZ - 2104367 - CVE-2022-31107 grafana: OAuth account takeover

CVEs

CVE-2022-31107

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
x86_64
grafana-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 6ff7832cd1ceb82c8bd94cf4a147365d7d8c5ccfd9e974237f39637f0055f376
grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 4da630144e6a5109a91633013d20aa405d27e0c082885a2e70cd83d804f5f747

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
x86_64
grafana-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 6ff7832cd1ceb82c8bd94cf4a147365d7d8c5ccfd9e974237f39637f0055f376
grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 4da630144e6a5109a91633013d20aa405d27e0c082885a2e70cd83d804f5f747

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
x86_64
grafana-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 6ff7832cd1ceb82c8bd94cf4a147365d7d8c5ccfd9e974237f39637f0055f376
grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 4da630144e6a5109a91633013d20aa405d27e0c082885a2e70cd83d804f5f747

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
x86_64
grafana-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 6ff7832cd1ceb82c8bd94cf4a147365d7d8c5ccfd9e974237f39637f0055f376
grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 4da630144e6a5109a91633013d20aa405d27e0c082885a2e70cd83d804f5f747

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
s390x
grafana-7.5.11-3.el8_6.s390x.rpm	SHA-256: 476aaf697e953f496109016e56321c1316e81473e9f0ed1d22a8da64168addab
grafana-debuginfo-7.5.11-3.el8_6.s390x.rpm	SHA-256: a0fd2357354bc10e33378e16191c0c2a5c9fbcd17cca621b7eb6257b37440630

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
s390x
grafana-7.5.11-3.el8_6.s390x.rpm	SHA-256: 476aaf697e953f496109016e56321c1316e81473e9f0ed1d22a8da64168addab
grafana-debuginfo-7.5.11-3.el8_6.s390x.rpm	SHA-256: a0fd2357354bc10e33378e16191c0c2a5c9fbcd17cca621b7eb6257b37440630

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
s390x
grafana-7.5.11-3.el8_6.s390x.rpm	SHA-256: 476aaf697e953f496109016e56321c1316e81473e9f0ed1d22a8da64168addab
grafana-debuginfo-7.5.11-3.el8_6.s390x.rpm	SHA-256: a0fd2357354bc10e33378e16191c0c2a5c9fbcd17cca621b7eb6257b37440630

Red Hat Enterprise Linux for Power, little endian 8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
ppc64le
grafana-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: af977d079657558cceb541b5229a27a055a6680a4e0b30da628421575f11cf73
grafana-debuginfo-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: 62785f2194bffdacfa9141fd2f3e91e25f34d0b148bc073687a0bd56e277cf55

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
ppc64le
grafana-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: af977d079657558cceb541b5229a27a055a6680a4e0b30da628421575f11cf73
grafana-debuginfo-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: 62785f2194bffdacfa9141fd2f3e91e25f34d0b148bc073687a0bd56e277cf55

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
ppc64le
grafana-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: af977d079657558cceb541b5229a27a055a6680a4e0b30da628421575f11cf73
grafana-debuginfo-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: 62785f2194bffdacfa9141fd2f3e91e25f34d0b148bc073687a0bd56e277cf55

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
x86_64
grafana-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 6ff7832cd1ceb82c8bd94cf4a147365d7d8c5ccfd9e974237f39637f0055f376
grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 4da630144e6a5109a91633013d20aa405d27e0c082885a2e70cd83d804f5f747

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
x86_64
grafana-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 6ff7832cd1ceb82c8bd94cf4a147365d7d8c5ccfd9e974237f39637f0055f376
grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 4da630144e6a5109a91633013d20aa405d27e0c082885a2e70cd83d804f5f747

Red Hat Enterprise Linux for ARM 64 8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
aarch64
grafana-7.5.11-3.el8_6.aarch64.rpm	SHA-256: 800eca7ccfa9aa8d906f39362dffca92cf1b7cf54325b72adb8487b935558ace
grafana-debuginfo-7.5.11-3.el8_6.aarch64.rpm	SHA-256: 3d068f13f8ca541bff490252bf72facd926fe55e790b4128229b20292287e05c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
aarch64
grafana-7.5.11-3.el8_6.aarch64.rpm	SHA-256: 800eca7ccfa9aa8d906f39362dffca92cf1b7cf54325b72adb8487b935558ace
grafana-debuginfo-7.5.11-3.el8_6.aarch64.rpm	SHA-256: 3d068f13f8ca541bff490252bf72facd926fe55e790b4128229b20292287e05c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
aarch64
grafana-7.5.11-3.el8_6.aarch64.rpm	SHA-256: 800eca7ccfa9aa8d906f39362dffca92cf1b7cf54325b72adb8487b935558ace
grafana-debuginfo-7.5.11-3.el8_6.aarch64.rpm	SHA-256: 3d068f13f8ca541bff490252bf72facd926fe55e790b4128229b20292287e05c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
ppc64le
grafana-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: af977d079657558cceb541b5229a27a055a6680a4e0b30da628421575f11cf73
grafana-debuginfo-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: 62785f2194bffdacfa9141fd2f3e91e25f34d0b148bc073687a0bd56e277cf55

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
ppc64le
grafana-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: af977d079657558cceb541b5229a27a055a6680a4e0b30da628421575f11cf73
grafana-debuginfo-7.5.11-3.el8_6.ppc64le.rpm	SHA-256: 62785f2194bffdacfa9141fd2f3e91e25f34d0b148bc073687a0bd56e277cf55

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
x86_64
grafana-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 6ff7832cd1ceb82c8bd94cf4a147365d7d8c5ccfd9e974237f39637f0055f376
grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 4da630144e6a5109a91633013d20aa405d27e0c082885a2e70cd83d804f5f747

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
grafana-7.5.11-3.el8_6.src.rpm	SHA-256: b947dc05554cec96c08cf3a42d6f1a831f466332bd4e8cf75d6728f1a07d7b91
x86_64
grafana-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 6ff7832cd1ceb82c8bd94cf4a147365d7d8c5ccfd9e974237f39637f0055f376
grafana-debuginfo-7.5.11-3.el8_6.x86_64.rpm	SHA-256: 4da630144e6a5109a91633013d20aa405d27e0c082885a2e70cd83d804f5f747

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.