Issued:: 2024-05-22
Updated:: 2024-05-22

RHSA-2024:3265 - Security Advisory

Overview
Updated Packages

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads (CVE-2024-1394)
grafana: vulnerable to authorization bypass (CVE-2024-1313)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2262921 - CVE-2024-1394 golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
BZ - 2271903 - CVE-2024-1313 grafana: vulnerable to authorization bypass

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
grafana-9.2.10-16.el8_10.src.rpm	SHA-256: fb0e40d56fd6d935c2727d8606d7641c967eba1aed6e64ad66d99a3ea1ed16d7
x86_64
grafana-9.2.10-16.el8_10.x86_64.rpm	SHA-256: 3787e32fdba6e8308582305f222a984a3c7390b45963ef2999cd2365d1c31184
grafana-debuginfo-9.2.10-16.el8_10.x86_64.rpm	SHA-256: cbc5f1843a1e27efefa98e88f6a20e0438cc6c8b86db5c0ba4fc3a078b2fb74f
grafana-debugsource-9.2.10-16.el8_10.x86_64.rpm	SHA-256: 03bf041145e4011cc4d25830c77ab28c3d7cd8e1010cedc6cc668049f9ad67d8
grafana-selinux-9.2.10-16.el8_10.x86_64.rpm	SHA-256: 5d6d96f6a8c7b6b4923de469907e59e16c10f3aa90c0e6c47918642a37ea1c51

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
grafana-9.2.10-16.el8_10.src.rpm	SHA-256: fb0e40d56fd6d935c2727d8606d7641c967eba1aed6e64ad66d99a3ea1ed16d7
s390x
grafana-9.2.10-16.el8_10.s390x.rpm	SHA-256: 67f5743d33ae2fbeff7d51e4fbae65f8cd3c05ff747ad53a687aeb59b9d7516b
grafana-debuginfo-9.2.10-16.el8_10.s390x.rpm	SHA-256: ce14c619c2873bd208627f6f144be2fa79f1eb17776169114c26d14cb167b378
grafana-debugsource-9.2.10-16.el8_10.s390x.rpm	SHA-256: 330a06b6b94be32c99687f07a8dc92f5916c49d6c4a5d4b58db047f87b224e6b
grafana-selinux-9.2.10-16.el8_10.s390x.rpm	SHA-256: a4d7812b0b5c09453fc1a6cdb4fc92f7ccec7e5fe329b910133d35f81a99bb69

Red Hat Enterprise Linux for Power, little endian 8

SRPM
grafana-9.2.10-16.el8_10.src.rpm	SHA-256: fb0e40d56fd6d935c2727d8606d7641c967eba1aed6e64ad66d99a3ea1ed16d7
ppc64le
grafana-9.2.10-16.el8_10.ppc64le.rpm	SHA-256: 093c6d35e0172ff4d019ede72b20c21d97408135e2a6eb0a262e2026cb5d8be7
grafana-debuginfo-9.2.10-16.el8_10.ppc64le.rpm	SHA-256: ac6720eb0331f079daa154aff96f65e7592597b373acfe22660f34afbc5c84a9
grafana-debugsource-9.2.10-16.el8_10.ppc64le.rpm	SHA-256: 76ea97423cd8ccadb99342b46486730c886dcf2a1f5a40d275d6e6b93eacd34f
grafana-selinux-9.2.10-16.el8_10.ppc64le.rpm	SHA-256: 3b616fe4b3e3ba69e5c06526b9c0090ab0ebfa1d4dfe511545d98d3725b438e9

Red Hat Enterprise Linux for ARM 64 8

SRPM
grafana-9.2.10-16.el8_10.src.rpm	SHA-256: fb0e40d56fd6d935c2727d8606d7641c967eba1aed6e64ad66d99a3ea1ed16d7
aarch64
grafana-9.2.10-16.el8_10.aarch64.rpm	SHA-256: 7a499f4525d3704dbf9ce1553768def5522ca4495bc0cf3e9dc5f98363a7392a
grafana-debuginfo-9.2.10-16.el8_10.aarch64.rpm	SHA-256: a90bb14e857a9b767caa62d9f98fb96b3384339048eaf8958739f32e07e55e6a
grafana-debugsource-9.2.10-16.el8_10.aarch64.rpm	SHA-256: 5c77a407dd35b5f12954d5761a4a65f638fd40bd0e10e1da60ee13b0aecd84b2
grafana-selinux-9.2.10-16.el8_10.aarch64.rpm	SHA-256: 2c2f8d5eaaebf2ec2658dfa00bafa653335af0fe917f90bbb7a6fd733124d255

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation