Issued:: 2024-11-12
Updated:: 2024-11-12

RHSA-2024:9473 - Security Advisory

Overview
Updated Packages

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)
dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 9 x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6 x86_64
Red Hat Enterprise Linux Server - AUS 9.6 x86_64
Red Hat Enterprise Linux for IBM z Systems 9 s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6 s390x
Red Hat Enterprise Linux for Power, little endian 9 ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6 ppc64le
Red Hat Enterprise Linux for ARM 64 9 aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6 s390x

Fixes

BZ - 2310528 - CVE-2024-34156 encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion
BZ - 2318052 - CVE-2024-47875 dompurify: nesting-based mutation XSS vulnerability

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 9

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
x86_64
grafana-10.2.6-7.el9_5.x86_64.rpm	SHA-256: c6731f93cd5308b7b5b1cfba5dfe93514adc57195a5aa8d28b86548604e949a6
grafana-debuginfo-10.2.6-7.el9_5.x86_64.rpm	SHA-256: b239be876fcd2c4bacc80b6b3e67b654093d062a0f7fc4cf734efb8dbdacafad
grafana-debugsource-10.2.6-7.el9_5.x86_64.rpm	SHA-256: 5ac911ddb02c57ee1501424889c46a95801ddd81fae1d8bdaae86c3ce3e72560
grafana-selinux-10.2.6-7.el9_5.x86_64.rpm	SHA-256: f3e1108235eebc228ca2c078f80e43f58d7a5f908e52397b7f794e84016d7b3a

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
x86_64
grafana-10.2.6-7.el9_5.x86_64.rpm	SHA-256: c6731f93cd5308b7b5b1cfba5dfe93514adc57195a5aa8d28b86548604e949a6
grafana-debuginfo-10.2.6-7.el9_5.x86_64.rpm	SHA-256: b239be876fcd2c4bacc80b6b3e67b654093d062a0f7fc4cf734efb8dbdacafad
grafana-debugsource-10.2.6-7.el9_5.x86_64.rpm	SHA-256: 5ac911ddb02c57ee1501424889c46a95801ddd81fae1d8bdaae86c3ce3e72560
grafana-selinux-10.2.6-7.el9_5.x86_64.rpm	SHA-256: f3e1108235eebc228ca2c078f80e43f58d7a5f908e52397b7f794e84016d7b3a

Red Hat Enterprise Linux Server - AUS 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
x86_64
grafana-10.2.6-7.el9_5.x86_64.rpm	SHA-256: c6731f93cd5308b7b5b1cfba5dfe93514adc57195a5aa8d28b86548604e949a6
grafana-debuginfo-10.2.6-7.el9_5.x86_64.rpm	SHA-256: b239be876fcd2c4bacc80b6b3e67b654093d062a0f7fc4cf734efb8dbdacafad
grafana-debugsource-10.2.6-7.el9_5.x86_64.rpm	SHA-256: 5ac911ddb02c57ee1501424889c46a95801ddd81fae1d8bdaae86c3ce3e72560
grafana-selinux-10.2.6-7.el9_5.x86_64.rpm	SHA-256: f3e1108235eebc228ca2c078f80e43f58d7a5f908e52397b7f794e84016d7b3a

Red Hat Enterprise Linux for IBM z Systems 9

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
s390x
grafana-10.2.6-7.el9_5.s390x.rpm	SHA-256: 7530f6b82a185653141fb07352c748b9c37050a0d6d6f9781150cbf739ae5b31
grafana-debuginfo-10.2.6-7.el9_5.s390x.rpm	SHA-256: 4d1a1e7e4ca9fab7cab7efb3d443a5428db33f481d83237303e731aa5ba4e43c
grafana-debugsource-10.2.6-7.el9_5.s390x.rpm	SHA-256: 704c61a80afb3066e7c772d6d96b20076d3605eba244bc3c26c74e1b27c97c67
grafana-selinux-10.2.6-7.el9_5.s390x.rpm	SHA-256: f42646664f15094aa15294ce638975ece61a63aff75cc3f7ce8994745b7326e8

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
s390x
grafana-10.2.6-7.el9_5.s390x.rpm	SHA-256: 7530f6b82a185653141fb07352c748b9c37050a0d6d6f9781150cbf739ae5b31
grafana-debuginfo-10.2.6-7.el9_5.s390x.rpm	SHA-256: 4d1a1e7e4ca9fab7cab7efb3d443a5428db33f481d83237303e731aa5ba4e43c
grafana-debugsource-10.2.6-7.el9_5.s390x.rpm	SHA-256: 704c61a80afb3066e7c772d6d96b20076d3605eba244bc3c26c74e1b27c97c67
grafana-selinux-10.2.6-7.el9_5.s390x.rpm	SHA-256: f42646664f15094aa15294ce638975ece61a63aff75cc3f7ce8994745b7326e8

Red Hat Enterprise Linux for Power, little endian 9

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
ppc64le
grafana-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: 4848f3ebe7889e639f605353db59b2143a16ce2e928ddf292d43eddfc03c4140
grafana-debuginfo-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: d0e2eca68dabc8be44fb47fce7853609b84cf378bef45f755be40ca9ce948c3a
grafana-debugsource-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: d07730f734ed41523886435d7f502cda9e9e2d835590344ad9b0fb93aa18bc8b
grafana-selinux-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: 928aa64ea67d390ced0135572a88ad2969602542e75188fa2ba5fc34a3b2885d

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
ppc64le
grafana-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: 4848f3ebe7889e639f605353db59b2143a16ce2e928ddf292d43eddfc03c4140
grafana-debuginfo-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: d0e2eca68dabc8be44fb47fce7853609b84cf378bef45f755be40ca9ce948c3a
grafana-debugsource-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: d07730f734ed41523886435d7f502cda9e9e2d835590344ad9b0fb93aa18bc8b
grafana-selinux-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: 928aa64ea67d390ced0135572a88ad2969602542e75188fa2ba5fc34a3b2885d

Red Hat Enterprise Linux for ARM 64 9

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
aarch64
grafana-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 4a06834c92eb83376235b7252c347fe1d048049d5585292e4aacc56f39feac25
grafana-debuginfo-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 880da64caf2a4db4ab4470613a7fb34ae41cd2f599a451e7f6dd8c4f610d4345
grafana-debugsource-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 0160421be2c5e1b926b8ed420bbd8efec6f44beece96917b7a61117710639e93
grafana-selinux-10.2.6-7.el9_5.aarch64.rpm	SHA-256: cecb556550e13d5de4d8199babde118c810e9dfbed20027fbcdadfffdd80994b

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
aarch64
grafana-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 4a06834c92eb83376235b7252c347fe1d048049d5585292e4aacc56f39feac25
grafana-debuginfo-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 880da64caf2a4db4ab4470613a7fb34ae41cd2f599a451e7f6dd8c4f610d4345
grafana-debugsource-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 0160421be2c5e1b926b8ed420bbd8efec6f44beece96917b7a61117710639e93
grafana-selinux-10.2.6-7.el9_5.aarch64.rpm	SHA-256: cecb556550e13d5de4d8199babde118c810e9dfbed20027fbcdadfffdd80994b

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
ppc64le
grafana-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: 4848f3ebe7889e639f605353db59b2143a16ce2e928ddf292d43eddfc03c4140
grafana-debuginfo-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: d0e2eca68dabc8be44fb47fce7853609b84cf378bef45f755be40ca9ce948c3a
grafana-debugsource-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: d07730f734ed41523886435d7f502cda9e9e2d835590344ad9b0fb93aa18bc8b
grafana-selinux-10.2.6-7.el9_5.ppc64le.rpm	SHA-256: 928aa64ea67d390ced0135572a88ad2969602542e75188fa2ba5fc34a3b2885d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
x86_64
grafana-10.2.6-7.el9_5.x86_64.rpm	SHA-256: c6731f93cd5308b7b5b1cfba5dfe93514adc57195a5aa8d28b86548604e949a6
grafana-debuginfo-10.2.6-7.el9_5.x86_64.rpm	SHA-256: b239be876fcd2c4bacc80b6b3e67b654093d062a0f7fc4cf734efb8dbdacafad
grafana-debugsource-10.2.6-7.el9_5.x86_64.rpm	SHA-256: 5ac911ddb02c57ee1501424889c46a95801ddd81fae1d8bdaae86c3ce3e72560
grafana-selinux-10.2.6-7.el9_5.x86_64.rpm	SHA-256: f3e1108235eebc228ca2c078f80e43f58d7a5f908e52397b7f794e84016d7b3a

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
aarch64
grafana-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 4a06834c92eb83376235b7252c347fe1d048049d5585292e4aacc56f39feac25
grafana-debuginfo-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 880da64caf2a4db4ab4470613a7fb34ae41cd2f599a451e7f6dd8c4f610d4345
grafana-debugsource-10.2.6-7.el9_5.aarch64.rpm	SHA-256: 0160421be2c5e1b926b8ed420bbd8efec6f44beece96917b7a61117710639e93
grafana-selinux-10.2.6-7.el9_5.aarch64.rpm	SHA-256: cecb556550e13d5de4d8199babde118c810e9dfbed20027fbcdadfffdd80994b

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.6

SRPM
grafana-10.2.6-7.el9_5.src.rpm	SHA-256: 89eba1d52938306c1ce428f1816dc70d6d98b250586d892990033eaf120cc6ed
s390x
grafana-10.2.6-7.el9_5.s390x.rpm	SHA-256: 7530f6b82a185653141fb07352c748b9c37050a0d6d6f9781150cbf739ae5b31
grafana-debuginfo-10.2.6-7.el9_5.s390x.rpm	SHA-256: 4d1a1e7e4ca9fab7cab7efb3d443a5428db33f481d83237303e731aa5ba4e43c
grafana-debugsource-10.2.6-7.el9_5.s390x.rpm	SHA-256: 704c61a80afb3066e7c772d6d96b20076d3605eba244bc3c26c74e1b27c97c67
grafana-selinux-10.2.6-7.el9_5.s390x.rpm	SHA-256: f42646664f15094aa15294ce638975ece61a63aff75cc3f7ce8994745b7326e8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation