Errata des produits Red Hat RHSA-2023:6972 - Security Advisory
Publié :
2023-11-14
Mis à jour :
2023-11-14

RHSA-2023:6972 - Security Advisory

Synopsis

Moderate: grafana security and enhancement update

Type / Sévérité

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identifiez et remédiez aux systèmes concernés par cette alerte.

Voir les systèmes concernés

Sujet

An update for grafana is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • grafana: account takeover possible when using Azure AD OAuth (CVE-2023-3128)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes linked from the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Produits concernés

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10 s390x

Correctifs

  • BZ - 2193250 - Rebase to Grafana v9.2 in RHEL 8.9
  • BZ - 2213626 - CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth
  • BZ - 2224606 - grafana user is missing home directory in /etc/passwd

Red Hat Enterprise Linux for x86_64 8

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
x86_64
grafana-9.2.10-7.el8_9.x86_64.rpm SHA-256: 3862777dd9b3d950778e58c78346c404a8aa0294d4f1c39eea72b0838af6f85a
grafana-debuginfo-9.2.10-7.el8_9.x86_64.rpm SHA-256: b9071afc3e796f21770960aa8100f1f069c194c67a6901a76789ba2eafed4528
grafana-debugsource-9.2.10-7.el8_9.x86_64.rpm SHA-256: 96ed4863a4b748220a35f66029faf601877c0ec52d0182d32f58cc23c4a43350

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
s390x
grafana-9.2.10-7.el8_9.s390x.rpm SHA-256: d70f1bd5492c541ae1bc8b6d20c45ca88d10dafa821e1b002b0afd5087b56fe3
grafana-debuginfo-9.2.10-7.el8_9.s390x.rpm SHA-256: 534d62cda97a9bdba0a742789ed6da1fb4b432119db55a2f29efa628f4b4228e
grafana-debugsource-9.2.10-7.el8_9.s390x.rpm SHA-256: 05bc814f3d198b9bb7425e0c3811402a8196fbc34945ee0f49ed5f35dfd23c80

Red Hat Enterprise Linux for Power, little endian 8

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
ppc64le
grafana-9.2.10-7.el8_9.ppc64le.rpm SHA-256: 2f164249cf767d80564cb3b54e14ce184adfe4767b199d9497f84577f01b83e1
grafana-debuginfo-9.2.10-7.el8_9.ppc64le.rpm SHA-256: 2f3a9e99a97cf56534dd67e0e5a5edb6c236ba3337e9f2c086f708c86f281713
grafana-debugsource-9.2.10-7.el8_9.ppc64le.rpm SHA-256: f68a042986edbeb475c85a27204b45eef84654a7fa28d25466f2e79af3facca5

Red Hat Enterprise Linux for ARM 64 8

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
aarch64
grafana-9.2.10-7.el8_9.aarch64.rpm SHA-256: 41975afcda420bbe6f2d87383052f7d78d3dc48931b4b43323d0ba67ae99e419
grafana-debuginfo-9.2.10-7.el8_9.aarch64.rpm SHA-256: ace8e9f2309cc887130dd63280bb16db0c0bfa6ef5b0f7eb609f9216bad76b78
grafana-debugsource-9.2.10-7.el8_9.aarch64.rpm SHA-256: 738a3525858146a033712e4858546dd78c4a7973e3bf3fd7ba052bd9386c344d

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 8.10

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
x86_64
grafana-9.2.10-7.el8_9.x86_64.rpm SHA-256: 3862777dd9b3d950778e58c78346c404a8aa0294d4f1c39eea72b0838af6f85a
grafana-debuginfo-9.2.10-7.el8_9.x86_64.rpm SHA-256: b9071afc3e796f21770960aa8100f1f069c194c67a6901a76789ba2eafed4528
grafana-debugsource-9.2.10-7.el8_9.x86_64.rpm SHA-256: 96ed4863a4b748220a35f66029faf601877c0ec52d0182d32f58cc23c4a43350

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 8.10

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
aarch64
grafana-9.2.10-7.el8_9.aarch64.rpm SHA-256: 41975afcda420bbe6f2d87383052f7d78d3dc48931b4b43323d0ba67ae99e419
grafana-debuginfo-9.2.10-7.el8_9.aarch64.rpm SHA-256: ace8e9f2309cc887130dd63280bb16db0c0bfa6ef5b0f7eb609f9216bad76b78
grafana-debugsource-9.2.10-7.el8_9.aarch64.rpm SHA-256: 738a3525858146a033712e4858546dd78c4a7973e3bf3fd7ba052bd9386c344d

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 8.10

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
ppc64le
grafana-9.2.10-7.el8_9.ppc64le.rpm SHA-256: 2f164249cf767d80564cb3b54e14ce184adfe4767b199d9497f84577f01b83e1
grafana-debuginfo-9.2.10-7.el8_9.ppc64le.rpm SHA-256: 2f3a9e99a97cf56534dd67e0e5a5edb6c236ba3337e9f2c086f708c86f281713
grafana-debugsource-9.2.10-7.el8_9.ppc64le.rpm SHA-256: f68a042986edbeb475c85a27204b45eef84654a7fa28d25466f2e79af3facca5

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 8.10

SRPM
grafana-9.2.10-7.el8_9.src.rpm SHA-256: 08c6a326f97d0c1e88f7dd234e358badc1577313483d486fa57a80d6db47d0fa
s390x
grafana-9.2.10-7.el8_9.s390x.rpm SHA-256: d70f1bd5492c541ae1bc8b6d20c45ca88d10dafa821e1b002b0afd5087b56fe3
grafana-debuginfo-9.2.10-7.el8_9.s390x.rpm SHA-256: 534d62cda97a9bdba0a742789ed6da1fb4b432119db55a2f29efa628f4b4228e
grafana-debugsource-9.2.10-7.el8_9.s390x.rpm SHA-256: 05bc814f3d198b9bb7425e0c3811402a8196fbc34945ee0f49ed5f35dfd23c80

Le contact Red Hat Security est secalert@redhat.com. Plus d'infos contact à https://access.redhat.com/security/team/contact/.