Red Hat Product Errata RHSA-2023:2784 - Security Advisory
Issued:
2023-05-16
Updated:
2023-05-16

RHSA-2023:2784 - Security Advisory

Synopsis

Moderate: grafana security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)
  • golang: net/http: handle server errors after sending GOAWAY (CVE-2022-27664)
  • grafana: using email as a username can block other users from signing in (CVE-2022-39229)
  • golang: regexp/syntax: limit memory used by parsing regexps (CVE-2022-41715)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.8 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
  • BZ - 2131149 - CVE-2022-39229 grafana: using email as a username can block other users from signing in
  • BZ - 2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
  • BZ - 2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps

Red Hat Enterprise Linux for x86_64 8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
x86_64
grafana-7.5.15-4.el8.x86_64.rpm SHA-256: 16157c3d8b3a77062e6a32f8a93f823e0008b7548ff821389850fab4d5fdbad4
grafana-debuginfo-7.5.15-4.el8.x86_64.rpm SHA-256: d2401bed4b408ae004bff39854fb39670357e20f9c912edee45c5c81de52adf2

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
x86_64
grafana-7.5.15-4.el8.x86_64.rpm SHA-256: 16157c3d8b3a77062e6a32f8a93f823e0008b7548ff821389850fab4d5fdbad4
grafana-debuginfo-7.5.15-4.el8.x86_64.rpm SHA-256: d2401bed4b408ae004bff39854fb39670357e20f9c912edee45c5c81de52adf2

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
x86_64
grafana-7.5.15-4.el8.x86_64.rpm SHA-256: 16157c3d8b3a77062e6a32f8a93f823e0008b7548ff821389850fab4d5fdbad4
grafana-debuginfo-7.5.15-4.el8.x86_64.rpm SHA-256: d2401bed4b408ae004bff39854fb39670357e20f9c912edee45c5c81de52adf2

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
s390x
grafana-7.5.15-4.el8.s390x.rpm SHA-256: 6951a1622d789c4c934638d882900850673dab1dc3d67bfb3aab764384cfb221
grafana-debuginfo-7.5.15-4.el8.s390x.rpm SHA-256: 3464769570f029a45e6c5c30c2ae45cb83eb62b69f30c72d6ef1b67a7e5626b7

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
s390x
grafana-7.5.15-4.el8.s390x.rpm SHA-256: 6951a1622d789c4c934638d882900850673dab1dc3d67bfb3aab764384cfb221
grafana-debuginfo-7.5.15-4.el8.s390x.rpm SHA-256: 3464769570f029a45e6c5c30c2ae45cb83eb62b69f30c72d6ef1b67a7e5626b7

Red Hat Enterprise Linux for Power, little endian 8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
ppc64le
grafana-7.5.15-4.el8.ppc64le.rpm SHA-256: e308838ce10b009f03e7c5cffc73ab0ff22854d7caacad7424371d3a6fe08f81
grafana-debuginfo-7.5.15-4.el8.ppc64le.rpm SHA-256: feb3f4385dd51f4b906e949b5a22778915b982ad0e1a05cb203ed4db03d3c6c3

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
ppc64le
grafana-7.5.15-4.el8.ppc64le.rpm SHA-256: e308838ce10b009f03e7c5cffc73ab0ff22854d7caacad7424371d3a6fe08f81
grafana-debuginfo-7.5.15-4.el8.ppc64le.rpm SHA-256: feb3f4385dd51f4b906e949b5a22778915b982ad0e1a05cb203ed4db03d3c6c3

Red Hat Enterprise Linux Server - TUS 8.8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
x86_64
grafana-7.5.15-4.el8.x86_64.rpm SHA-256: 16157c3d8b3a77062e6a32f8a93f823e0008b7548ff821389850fab4d5fdbad4
grafana-debuginfo-7.5.15-4.el8.x86_64.rpm SHA-256: d2401bed4b408ae004bff39854fb39670357e20f9c912edee45c5c81de52adf2

Red Hat Enterprise Linux for ARM 64 8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
aarch64
grafana-7.5.15-4.el8.aarch64.rpm SHA-256: 69f5b980820160422d659f4d275efe93093cb22c69654e0c009e958dfd8e99ab
grafana-debuginfo-7.5.15-4.el8.aarch64.rpm SHA-256: cf789ad14a5b7cac0b9733790ff993042d66b4c7867b22851ffd38f564be7908

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
aarch64
grafana-7.5.15-4.el8.aarch64.rpm SHA-256: 69f5b980820160422d659f4d275efe93093cb22c69654e0c009e958dfd8e99ab
grafana-debuginfo-7.5.15-4.el8.aarch64.rpm SHA-256: cf789ad14a5b7cac0b9733790ff993042d66b4c7867b22851ffd38f564be7908

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
ppc64le
grafana-7.5.15-4.el8.ppc64le.rpm SHA-256: e308838ce10b009f03e7c5cffc73ab0ff22854d7caacad7424371d3a6fe08f81
grafana-debuginfo-7.5.15-4.el8.ppc64le.rpm SHA-256: feb3f4385dd51f4b906e949b5a22778915b982ad0e1a05cb203ed4db03d3c6c3

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM
grafana-7.5.15-4.el8.src.rpm SHA-256: 5851702a2a438881c913d6a51275520946e463cf6bf492de8a85cb022cd1e1e5
x86_64
grafana-7.5.15-4.el8.x86_64.rpm SHA-256: 16157c3d8b3a77062e6a32f8a93f823e0008b7548ff821389850fab4d5fdbad4
grafana-debuginfo-7.5.15-4.el8.x86_64.rpm SHA-256: d2401bed4b408ae004bff39854fb39670357e20f9c912edee45c5c81de52adf2

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.