Red Hat Product Errata RHSA-2025:23746 - Security Advisory
Issued:
2025-12-22
Updated:
2025-12-22

RHSA-2025:23746 - Security Advisory

Synopsis

Moderate: grafana security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

  • BZ - 2407258 - CVE-2025-58183 golang: archive/tar: Unbounded allocation when parsing GNU sparse map

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
x86_64
grafana-9.2.10-24.el9_4.x86_64.rpm SHA-256: 52d046b61a297eac635402431bd9b1d578423ff08dbd349928e2ba8994cebc00
grafana-debuginfo-9.2.10-24.el9_4.x86_64.rpm SHA-256: 04f43d1eaa1716d511090857b9cc8e27fdc1fcee7747c5b08cab079a6f1c128a
grafana-debugsource-9.2.10-24.el9_4.x86_64.rpm SHA-256: e143fd8ecffefe1ba2f09fe8f3507da20bb469b155a7d296bbaed454471cf01c
grafana-selinux-9.2.10-24.el9_4.x86_64.rpm SHA-256: 937a439451f6518ffbb20a65cac5b2573fc6b90c2fabc3ddd3b7b28c58018201

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
x86_64
grafana-9.2.10-24.el9_4.x86_64.rpm SHA-256: 52d046b61a297eac635402431bd9b1d578423ff08dbd349928e2ba8994cebc00
grafana-debuginfo-9.2.10-24.el9_4.x86_64.rpm SHA-256: 04f43d1eaa1716d511090857b9cc8e27fdc1fcee7747c5b08cab079a6f1c128a
grafana-debugsource-9.2.10-24.el9_4.x86_64.rpm SHA-256: e143fd8ecffefe1ba2f09fe8f3507da20bb469b155a7d296bbaed454471cf01c
grafana-selinux-9.2.10-24.el9_4.x86_64.rpm SHA-256: 937a439451f6518ffbb20a65cac5b2573fc6b90c2fabc3ddd3b7b28c58018201

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
s390x
grafana-9.2.10-24.el9_4.s390x.rpm SHA-256: b83c96b30a6862ca12fdb97f6f8078a1306b77c46fdbf86ebb6c24a7b288588a
grafana-debuginfo-9.2.10-24.el9_4.s390x.rpm SHA-256: 52c36199ba2ea67411f0594a261f5ad0e1ba62b6315c202906335b6dc095947f
grafana-debugsource-9.2.10-24.el9_4.s390x.rpm SHA-256: cbf74151e9299f18816c649c047992645221eeb25dfbefe5a79d4eb0b4ca7c4e
grafana-selinux-9.2.10-24.el9_4.s390x.rpm SHA-256: 5fff24034db84928cbff90cabab44bf51b55e9f0eaf851f5754c873df9322a5b

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
ppc64le
grafana-9.2.10-24.el9_4.ppc64le.rpm SHA-256: 8bd049eb75abb95a74b6aea42ac2ebfaae63b4d5e096c065cdec9cdcdce53425
grafana-debuginfo-9.2.10-24.el9_4.ppc64le.rpm SHA-256: b2824d277f0fbb6fec68601b0ab5bb07f19a940592b9932b49199fdde95d41ed
grafana-debugsource-9.2.10-24.el9_4.ppc64le.rpm SHA-256: a4db8972f9c4a191099a518a0b403340908b27a168e4457aafe6a66022de0759
grafana-selinux-9.2.10-24.el9_4.ppc64le.rpm SHA-256: 5db7d5240ac713bcce7424761a063405714b71ecfd217927d554af417be8df3a

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
aarch64
grafana-9.2.10-24.el9_4.aarch64.rpm SHA-256: 07294ca35e92be1766d6a7d522bffeca38a631b927c61aea01877026292f22ec
grafana-debuginfo-9.2.10-24.el9_4.aarch64.rpm SHA-256: 22531c7fda4feda7b182b896239835b7d2112407a0115aa30cbd43667a4d9c3c
grafana-debugsource-9.2.10-24.el9_4.aarch64.rpm SHA-256: 8889b23510853920bf8878bdfbccaa7b309c42bcdcfb45152928039153fb7d35
grafana-selinux-9.2.10-24.el9_4.aarch64.rpm SHA-256: c7e2767b95b79bb0bb329f92e1f8a87fe69934dc9e98a4405ea4d5ddb56a5360

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
ppc64le
grafana-9.2.10-24.el9_4.ppc64le.rpm SHA-256: 8bd049eb75abb95a74b6aea42ac2ebfaae63b4d5e096c065cdec9cdcdce53425
grafana-debuginfo-9.2.10-24.el9_4.ppc64le.rpm SHA-256: b2824d277f0fbb6fec68601b0ab5bb07f19a940592b9932b49199fdde95d41ed
grafana-debugsource-9.2.10-24.el9_4.ppc64le.rpm SHA-256: a4db8972f9c4a191099a518a0b403340908b27a168e4457aafe6a66022de0759
grafana-selinux-9.2.10-24.el9_4.ppc64le.rpm SHA-256: 5db7d5240ac713bcce7424761a063405714b71ecfd217927d554af417be8df3a

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
x86_64
grafana-9.2.10-24.el9_4.x86_64.rpm SHA-256: 52d046b61a297eac635402431bd9b1d578423ff08dbd349928e2ba8994cebc00
grafana-debuginfo-9.2.10-24.el9_4.x86_64.rpm SHA-256: 04f43d1eaa1716d511090857b9cc8e27fdc1fcee7747c5b08cab079a6f1c128a
grafana-debugsource-9.2.10-24.el9_4.x86_64.rpm SHA-256: e143fd8ecffefe1ba2f09fe8f3507da20bb469b155a7d296bbaed454471cf01c
grafana-selinux-9.2.10-24.el9_4.x86_64.rpm SHA-256: 937a439451f6518ffbb20a65cac5b2573fc6b90c2fabc3ddd3b7b28c58018201

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
aarch64
grafana-9.2.10-24.el9_4.aarch64.rpm SHA-256: 07294ca35e92be1766d6a7d522bffeca38a631b927c61aea01877026292f22ec
grafana-debuginfo-9.2.10-24.el9_4.aarch64.rpm SHA-256: 22531c7fda4feda7b182b896239835b7d2112407a0115aa30cbd43667a4d9c3c
grafana-debugsource-9.2.10-24.el9_4.aarch64.rpm SHA-256: 8889b23510853920bf8878bdfbccaa7b309c42bcdcfb45152928039153fb7d35
grafana-selinux-9.2.10-24.el9_4.aarch64.rpm SHA-256: c7e2767b95b79bb0bb329f92e1f8a87fe69934dc9e98a4405ea4d5ddb56a5360

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
grafana-9.2.10-24.el9_4.src.rpm SHA-256: df67d4869a9a76f831d70359b8ec143692eac7096cd10fca79a89382804c0aac
s390x
grafana-9.2.10-24.el9_4.s390x.rpm SHA-256: b83c96b30a6862ca12fdb97f6f8078a1306b77c46fdbf86ebb6c24a7b288588a
grafana-debuginfo-9.2.10-24.el9_4.s390x.rpm SHA-256: 52c36199ba2ea67411f0594a261f5ad0e1ba62b6315c202906335b6dc095947f
grafana-debugsource-9.2.10-24.el9_4.s390x.rpm SHA-256: cbf74151e9299f18816c649c047992645221eeb25dfbefe5a79d4eb0b4ca7c4e
grafana-selinux-9.2.10-24.el9_4.s390x.rpm SHA-256: 5fff24034db84928cbff90cabab44bf51b55e9f0eaf851f5754c873df9322a5b

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.