Red Hat Product Errata RHSA-2023:5864 - Security Advisory
Issued:
2023-10-18
Updated:
2023-10-18

RHSA-2023:5864 - Security Advisory

Synopsis

Moderate: grafana security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • grafana: golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
  • HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2242803 - CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
  • BZ - 2243296 - CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
x86_64
grafana-7.5.11-4.el8_6.x86_64.rpm SHA-256: 86dd4193abd26a6ace33de721c3a4c2789c8c3c0d88180273d15f9b2b5039f57
grafana-debuginfo-7.5.11-4.el8_6.x86_64.rpm SHA-256: 3aa53e7e6a3b34c9ae9583a0536b80aa56f6cbfbe9d5e9f3ffb36ddcb6afae99

Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
x86_64
grafana-7.5.11-4.el8_6.x86_64.rpm SHA-256: 86dd4193abd26a6ace33de721c3a4c2789c8c3c0d88180273d15f9b2b5039f57
grafana-debuginfo-7.5.11-4.el8_6.x86_64.rpm SHA-256: 3aa53e7e6a3b34c9ae9583a0536b80aa56f6cbfbe9d5e9f3ffb36ddcb6afae99

Red Hat Enterprise Linux Server - AUS 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
x86_64
grafana-7.5.11-4.el8_6.x86_64.rpm SHA-256: 86dd4193abd26a6ace33de721c3a4c2789c8c3c0d88180273d15f9b2b5039f57
grafana-debuginfo-7.5.11-4.el8_6.x86_64.rpm SHA-256: 3aa53e7e6a3b34c9ae9583a0536b80aa56f6cbfbe9d5e9f3ffb36ddcb6afae99

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
s390x
grafana-7.5.11-4.el8_6.s390x.rpm SHA-256: a1c46f7939f8528dab834796046b13d4595dee9bb2a79037f997d9e92f255d29
grafana-debuginfo-7.5.11-4.el8_6.s390x.rpm SHA-256: 2c1f8bacec10be2faa82b9730caa59c9bc47e04c2dfd4a14cceb9cc02b5e99db

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
ppc64le
grafana-7.5.11-4.el8_6.ppc64le.rpm SHA-256: f414893ebb3e50b4dec156752cc8cfe7c675d6c61995eb4b1bc302def63886d6
grafana-debuginfo-7.5.11-4.el8_6.ppc64le.rpm SHA-256: 52318c97ba169109dad1aae092de76936d802e553f080ad49a9ed4dd5192f426

Red Hat Enterprise Linux Server - TUS 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
x86_64
grafana-7.5.11-4.el8_6.x86_64.rpm SHA-256: 86dd4193abd26a6ace33de721c3a4c2789c8c3c0d88180273d15f9b2b5039f57
grafana-debuginfo-7.5.11-4.el8_6.x86_64.rpm SHA-256: 3aa53e7e6a3b34c9ae9583a0536b80aa56f6cbfbe9d5e9f3ffb36ddcb6afae99

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
aarch64
grafana-7.5.11-4.el8_6.aarch64.rpm SHA-256: b9976456d6567f3c8148fc45edc93c1c88084e4cbfb8e4be9bd2ebbd8a7f3f0f
grafana-debuginfo-7.5.11-4.el8_6.aarch64.rpm SHA-256: da515fa98ba3950cfebe50e2b126a39b1763a36442a3d09ee8a260e0afa17fe5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
ppc64le
grafana-7.5.11-4.el8_6.ppc64le.rpm SHA-256: f414893ebb3e50b4dec156752cc8cfe7c675d6c61995eb4b1bc302def63886d6
grafana-debuginfo-7.5.11-4.el8_6.ppc64le.rpm SHA-256: 52318c97ba169109dad1aae092de76936d802e553f080ad49a9ed4dd5192f426

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM
grafana-7.5.11-4.el8_6.src.rpm SHA-256: 9063f89bd039f8f91546f8b562e4c13488a1bf2af0ef7841ed6a6731337ba43a
x86_64
grafana-7.5.11-4.el8_6.x86_64.rpm SHA-256: 86dd4193abd26a6ace33de721c3a4c2789c8c3c0d88180273d15f9b2b5039f57
grafana-debuginfo-7.5.11-4.el8_6.x86_64.rpm SHA-256: 3aa53e7e6a3b34c9ae9583a0536b80aa56f6cbfbe9d5e9f3ffb36ddcb6afae99

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.