Red Hat Product Errata RHSA-2025:8666 - Security Advisory
Issued:
2025-06-09
Updated:
2025-06-09

RHSA-2025:8666 - Security Advisory

Synopsis

Moderate: grafana security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2358493 - CVE-2025-22871 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

Red Hat Enterprise Linux for x86_64 10

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
x86_64
grafana-10.2.6-18.el10_0.x86_64.rpm SHA-256: 1a85686dec414040133c0a98bad1fb656cbdcb5c2d77721d18bd632c36e072c4
grafana-debuginfo-10.2.6-18.el10_0.x86_64.rpm SHA-256: 8ac73db4946279bcce46106f1fdf441303be2736fbc891a4665173a6feba0174
grafana-debugsource-10.2.6-18.el10_0.x86_64.rpm SHA-256: 486a028c22c4dd5f863f840451403334d89f2b4683be01d6739113dade338084
grafana-selinux-10.2.6-18.el10_0.x86_64.rpm SHA-256: b82a4d5c8923829c773079b68ed3bdc0eeb7eb1e5333309cbab1dc0e70cee83a

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
x86_64
grafana-10.2.6-18.el10_0.x86_64.rpm SHA-256: 1a85686dec414040133c0a98bad1fb656cbdcb5c2d77721d18bd632c36e072c4
grafana-debuginfo-10.2.6-18.el10_0.x86_64.rpm SHA-256: 8ac73db4946279bcce46106f1fdf441303be2736fbc891a4665173a6feba0174
grafana-debugsource-10.2.6-18.el10_0.x86_64.rpm SHA-256: 486a028c22c4dd5f863f840451403334d89f2b4683be01d6739113dade338084
grafana-selinux-10.2.6-18.el10_0.x86_64.rpm SHA-256: b82a4d5c8923829c773079b68ed3bdc0eeb7eb1e5333309cbab1dc0e70cee83a

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
s390x
grafana-10.2.6-18.el10_0.s390x.rpm SHA-256: 8b3f54734d5e243d8997eaedf760e313e1bf3c69556e3b492fd1e37e2c7d13aa
grafana-debuginfo-10.2.6-18.el10_0.s390x.rpm SHA-256: 8bd5dafd10162cc44df4767fe3ef718a7450922974d46b4d344db5a5d45a5896
grafana-debugsource-10.2.6-18.el10_0.s390x.rpm SHA-256: cf512e8396fb85f2845b7db6658d3e2dbba4b843c7d883250483a4b8322e0372
grafana-selinux-10.2.6-18.el10_0.s390x.rpm SHA-256: 6edf7949b41d3c4b87db057c61ddb7d7790e76e6e74c2bb3357bf071497d9dc3

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
s390x
grafana-10.2.6-18.el10_0.s390x.rpm SHA-256: 8b3f54734d5e243d8997eaedf760e313e1bf3c69556e3b492fd1e37e2c7d13aa
grafana-debuginfo-10.2.6-18.el10_0.s390x.rpm SHA-256: 8bd5dafd10162cc44df4767fe3ef718a7450922974d46b4d344db5a5d45a5896
grafana-debugsource-10.2.6-18.el10_0.s390x.rpm SHA-256: cf512e8396fb85f2845b7db6658d3e2dbba4b843c7d883250483a4b8322e0372
grafana-selinux-10.2.6-18.el10_0.s390x.rpm SHA-256: 6edf7949b41d3c4b87db057c61ddb7d7790e76e6e74c2bb3357bf071497d9dc3

Red Hat Enterprise Linux for Power, little endian 10

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
ppc64le
grafana-10.2.6-18.el10_0.ppc64le.rpm SHA-256: de14d2b9d3514c7f5559c11d6f6bcdcbd26ad38f94f4f8a224c4702975000dc6
grafana-debuginfo-10.2.6-18.el10_0.ppc64le.rpm SHA-256: 85bafcb528d3896d68540dcceb4157f09aceb933446257d0cfdbf69d64f33358
grafana-debugsource-10.2.6-18.el10_0.ppc64le.rpm SHA-256: 99e07d0926b747496428872da47013faf975418caf31f56203e735b9ae76be31
grafana-selinux-10.2.6-18.el10_0.ppc64le.rpm SHA-256: ec7572c5ffb248ebe772aef3438661ef82d3ffd984a794fca325fe3d06bbbd79

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
ppc64le
grafana-10.2.6-18.el10_0.ppc64le.rpm SHA-256: de14d2b9d3514c7f5559c11d6f6bcdcbd26ad38f94f4f8a224c4702975000dc6
grafana-debuginfo-10.2.6-18.el10_0.ppc64le.rpm SHA-256: 85bafcb528d3896d68540dcceb4157f09aceb933446257d0cfdbf69d64f33358
grafana-debugsource-10.2.6-18.el10_0.ppc64le.rpm SHA-256: 99e07d0926b747496428872da47013faf975418caf31f56203e735b9ae76be31
grafana-selinux-10.2.6-18.el10_0.ppc64le.rpm SHA-256: ec7572c5ffb248ebe772aef3438661ef82d3ffd984a794fca325fe3d06bbbd79

Red Hat Enterprise Linux for ARM 64 10

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
aarch64
grafana-10.2.6-18.el10_0.aarch64.rpm SHA-256: 16fd4bb6f43ed2fdd806a413d14130d9042becde20f583c3b0b5d5fe9e947d59
grafana-debuginfo-10.2.6-18.el10_0.aarch64.rpm SHA-256: f5bc81d8bbfb30a14e20620727404e10f76f0792191b92498632037298bc3d34
grafana-debugsource-10.2.6-18.el10_0.aarch64.rpm SHA-256: eefe913cabfdb3e0fc29bd01ee46a75a1fe484f24dc91b7195abc6bfa83b4501
grafana-selinux-10.2.6-18.el10_0.aarch64.rpm SHA-256: 27ab9102d1f4c74b17b4f4ba25c4c09eb12e8bed89b9e6cd19b28726f8b685ad

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
aarch64
grafana-10.2.6-18.el10_0.aarch64.rpm SHA-256: 16fd4bb6f43ed2fdd806a413d14130d9042becde20f583c3b0b5d5fe9e947d59
grafana-debuginfo-10.2.6-18.el10_0.aarch64.rpm SHA-256: f5bc81d8bbfb30a14e20620727404e10f76f0792191b92498632037298bc3d34
grafana-debugsource-10.2.6-18.el10_0.aarch64.rpm SHA-256: eefe913cabfdb3e0fc29bd01ee46a75a1fe484f24dc91b7195abc6bfa83b4501
grafana-selinux-10.2.6-18.el10_0.aarch64.rpm SHA-256: 27ab9102d1f4c74b17b4f4ba25c4c09eb12e8bed89b9e6cd19b28726f8b685ad

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
aarch64
grafana-10.2.6-18.el10_0.aarch64.rpm SHA-256: 16fd4bb6f43ed2fdd806a413d14130d9042becde20f583c3b0b5d5fe9e947d59
grafana-debuginfo-10.2.6-18.el10_0.aarch64.rpm SHA-256: f5bc81d8bbfb30a14e20620727404e10f76f0792191b92498632037298bc3d34
grafana-debugsource-10.2.6-18.el10_0.aarch64.rpm SHA-256: eefe913cabfdb3e0fc29bd01ee46a75a1fe484f24dc91b7195abc6bfa83b4501
grafana-selinux-10.2.6-18.el10_0.aarch64.rpm SHA-256: 27ab9102d1f4c74b17b4f4ba25c4c09eb12e8bed89b9e6cd19b28726f8b685ad

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
s390x
grafana-10.2.6-18.el10_0.s390x.rpm SHA-256: 8b3f54734d5e243d8997eaedf760e313e1bf3c69556e3b492fd1e37e2c7d13aa
grafana-debuginfo-10.2.6-18.el10_0.s390x.rpm SHA-256: 8bd5dafd10162cc44df4767fe3ef718a7450922974d46b4d344db5a5d45a5896
grafana-debugsource-10.2.6-18.el10_0.s390x.rpm SHA-256: cf512e8396fb85f2845b7db6658d3e2dbba4b843c7d883250483a4b8322e0372
grafana-selinux-10.2.6-18.el10_0.s390x.rpm SHA-256: 6edf7949b41d3c4b87db057c61ddb7d7790e76e6e74c2bb3357bf071497d9dc3

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
ppc64le
grafana-10.2.6-18.el10_0.ppc64le.rpm SHA-256: de14d2b9d3514c7f5559c11d6f6bcdcbd26ad38f94f4f8a224c4702975000dc6
grafana-debuginfo-10.2.6-18.el10_0.ppc64le.rpm SHA-256: 85bafcb528d3896d68540dcceb4157f09aceb933446257d0cfdbf69d64f33358
grafana-debugsource-10.2.6-18.el10_0.ppc64le.rpm SHA-256: 99e07d0926b747496428872da47013faf975418caf31f56203e735b9ae76be31
grafana-selinux-10.2.6-18.el10_0.ppc64le.rpm SHA-256: ec7572c5ffb248ebe772aef3438661ef82d3ffd984a794fca325fe3d06bbbd79

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
grafana-10.2.6-18.el10_0.src.rpm SHA-256: 234f0f4db7934a89bbcd4264aae4777515319e873aba666fa70cfdc51aa12c44
x86_64
grafana-10.2.6-18.el10_0.x86_64.rpm SHA-256: 1a85686dec414040133c0a98bad1fb656cbdcb5c2d77721d18bd632c36e072c4
grafana-debuginfo-10.2.6-18.el10_0.x86_64.rpm SHA-256: 8ac73db4946279bcce46106f1fdf441303be2736fbc891a4665173a6feba0174
grafana-debugsource-10.2.6-18.el10_0.x86_64.rpm SHA-256: 486a028c22c4dd5f863f840451403334d89f2b4683be01d6739113dade338084
grafana-selinux-10.2.6-18.el10_0.x86_64.rpm SHA-256: b82a4d5c8923829c773079b68ed3bdc0eeb7eb1e5333309cbab1dc0e70cee83a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.