Issued:: 2024-09-23
Updated:: 2024-09-23

RHSA-2024:6946 - Security Advisory

Overview
Updated Packages

Synopsis

Important: grafana-pcp security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

BZ - 2310528 - CVE-2024-34156 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion

CVEs

CVE-2024-34156

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
x86_64
grafana-pcp-5.1.1-3.el9_4.x86_64.rpm	SHA-256: cb50b3d6ceacad8cd2da5c08fbc0c732075c9f62860c7065d7472560dd4f1729
grafana-pcp-debuginfo-5.1.1-3.el9_4.x86_64.rpm	SHA-256: d81c692fb201c0859976e28050fe8ae4f88165936573b17f7c670082a44445fd
grafana-pcp-debugsource-5.1.1-3.el9_4.x86_64.rpm	SHA-256: f5ba0f2ad81cbeaae825e440c636c0dda972c5df3852fd0ab4d078ea741411b3

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
x86_64
grafana-pcp-5.1.1-3.el9_4.x86_64.rpm	SHA-256: cb50b3d6ceacad8cd2da5c08fbc0c732075c9f62860c7065d7472560dd4f1729
grafana-pcp-debuginfo-5.1.1-3.el9_4.x86_64.rpm	SHA-256: d81c692fb201c0859976e28050fe8ae4f88165936573b17f7c670082a44445fd
grafana-pcp-debugsource-5.1.1-3.el9_4.x86_64.rpm	SHA-256: f5ba0f2ad81cbeaae825e440c636c0dda972c5df3852fd0ab4d078ea741411b3

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
x86_64
grafana-pcp-5.1.1-3.el9_4.x86_64.rpm	SHA-256: cb50b3d6ceacad8cd2da5c08fbc0c732075c9f62860c7065d7472560dd4f1729
grafana-pcp-debuginfo-5.1.1-3.el9_4.x86_64.rpm	SHA-256: d81c692fb201c0859976e28050fe8ae4f88165936573b17f7c670082a44445fd
grafana-pcp-debugsource-5.1.1-3.el9_4.x86_64.rpm	SHA-256: f5ba0f2ad81cbeaae825e440c636c0dda972c5df3852fd0ab4d078ea741411b3

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
s390x
grafana-pcp-5.1.1-3.el9_4.s390x.rpm	SHA-256: 3525c0fa3a363802035eef34e7bf2554b3758fd8cfeca73a899f3f73d0a466dd
grafana-pcp-debuginfo-5.1.1-3.el9_4.s390x.rpm	SHA-256: b048d4bc0eab3c18f0316083e67a8c3ec5751541d42cf2ca428ed61f6a253048
grafana-pcp-debugsource-5.1.1-3.el9_4.s390x.rpm	SHA-256: a23cf578bf12f1b158f091d7dc9d98fe073576483299b6ec781778af8510c721

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
s390x
grafana-pcp-5.1.1-3.el9_4.s390x.rpm	SHA-256: 3525c0fa3a363802035eef34e7bf2554b3758fd8cfeca73a899f3f73d0a466dd
grafana-pcp-debuginfo-5.1.1-3.el9_4.s390x.rpm	SHA-256: b048d4bc0eab3c18f0316083e67a8c3ec5751541d42cf2ca428ed61f6a253048
grafana-pcp-debugsource-5.1.1-3.el9_4.s390x.rpm	SHA-256: a23cf578bf12f1b158f091d7dc9d98fe073576483299b6ec781778af8510c721

Red Hat Enterprise Linux for Power, little endian 9

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
ppc64le
grafana-pcp-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 279bd0f65299223e14ab8aacd55041229d435443fdf559f482c1d00038fc4f00
grafana-pcp-debuginfo-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 8d569e93aa06dec996c22ad45352f733d8c07dd4981e13767e8094b10959f176
grafana-pcp-debugsource-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 474dd973041846b629032b2480ce7ed28a59b8d1f1044fea89983878d8047f03

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
ppc64le
grafana-pcp-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 279bd0f65299223e14ab8aacd55041229d435443fdf559f482c1d00038fc4f00
grafana-pcp-debuginfo-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 8d569e93aa06dec996c22ad45352f733d8c07dd4981e13767e8094b10959f176
grafana-pcp-debugsource-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 474dd973041846b629032b2480ce7ed28a59b8d1f1044fea89983878d8047f03

Red Hat Enterprise Linux for ARM 64 9

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
aarch64
grafana-pcp-5.1.1-3.el9_4.aarch64.rpm	SHA-256: ebc73823e65ca92bc61d5c48d47262fe249d388bc587ed7e941765cf14c38eef
grafana-pcp-debuginfo-5.1.1-3.el9_4.aarch64.rpm	SHA-256: 8138a921fa83b98275051ab3b1e394444ebbee6442b801ad5e7f78580e50c121
grafana-pcp-debugsource-5.1.1-3.el9_4.aarch64.rpm	SHA-256: 0f36130cbafc717b20c35a01b2f8bb2ea1a4e22b5721b85d2b345172e118378c

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
aarch64
grafana-pcp-5.1.1-3.el9_4.aarch64.rpm	SHA-256: ebc73823e65ca92bc61d5c48d47262fe249d388bc587ed7e941765cf14c38eef
grafana-pcp-debuginfo-5.1.1-3.el9_4.aarch64.rpm	SHA-256: 8138a921fa83b98275051ab3b1e394444ebbee6442b801ad5e7f78580e50c121
grafana-pcp-debugsource-5.1.1-3.el9_4.aarch64.rpm	SHA-256: 0f36130cbafc717b20c35a01b2f8bb2ea1a4e22b5721b85d2b345172e118378c

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
ppc64le
grafana-pcp-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 279bd0f65299223e14ab8aacd55041229d435443fdf559f482c1d00038fc4f00
grafana-pcp-debuginfo-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 8d569e93aa06dec996c22ad45352f733d8c07dd4981e13767e8094b10959f176
grafana-pcp-debugsource-5.1.1-3.el9_4.ppc64le.rpm	SHA-256: 474dd973041846b629032b2480ce7ed28a59b8d1f1044fea89983878d8047f03

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
x86_64
grafana-pcp-5.1.1-3.el9_4.x86_64.rpm	SHA-256: cb50b3d6ceacad8cd2da5c08fbc0c732075c9f62860c7065d7472560dd4f1729
grafana-pcp-debuginfo-5.1.1-3.el9_4.x86_64.rpm	SHA-256: d81c692fb201c0859976e28050fe8ae4f88165936573b17f7c670082a44445fd
grafana-pcp-debugsource-5.1.1-3.el9_4.x86_64.rpm	SHA-256: f5ba0f2ad81cbeaae825e440c636c0dda972c5df3852fd0ab4d078ea741411b3

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
aarch64
grafana-pcp-5.1.1-3.el9_4.aarch64.rpm	SHA-256: ebc73823e65ca92bc61d5c48d47262fe249d388bc587ed7e941765cf14c38eef
grafana-pcp-debuginfo-5.1.1-3.el9_4.aarch64.rpm	SHA-256: 8138a921fa83b98275051ab3b1e394444ebbee6442b801ad5e7f78580e50c121
grafana-pcp-debugsource-5.1.1-3.el9_4.aarch64.rpm	SHA-256: 0f36130cbafc717b20c35a01b2f8bb2ea1a4e22b5721b85d2b345172e118378c

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
grafana-pcp-5.1.1-3.el9_4.src.rpm	SHA-256: 2455cde19ba7f2ae602ade37f9f2870cd74883dd934174b275509eaa18564b52
s390x
grafana-pcp-5.1.1-3.el9_4.s390x.rpm	SHA-256: 3525c0fa3a363802035eef34e7bf2554b3758fd8cfeca73a899f3f73d0a466dd
grafana-pcp-debuginfo-5.1.1-3.el9_4.s390x.rpm	SHA-256: b048d4bc0eab3c18f0316083e67a8c3ec5751541d42cf2ca428ed61f6a253048
grafana-pcp-debugsource-5.1.1-3.el9_4.s390x.rpm	SHA-256: a23cf578bf12f1b158f091d7dc9d98fe073576483299b6ec781778af8510c721

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation