Red Hat Product Errata RHSA-2025:8915 - Security Advisory
Issued:
2025-06-11
Updated:
2025-06-11

RHSA-2025:8915 - Security Advisory

Synopsis

Moderate: grafana-pcp security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana-pcp is now available for Red Hat Enterprise Linux 10.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

  • net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 10 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 10 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 10 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 10 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2358493 - CVE-2025-22871 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

Red Hat Enterprise Linux for x86_64 10

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
x86_64
grafana-pcp-5.2.2-3.el10_0.x86_64.rpm SHA-256: b587872c082b12e743c832fc983be6286720f49af6f7a93e7ddfcbff745884c6
grafana-pcp-debuginfo-5.2.2-3.el10_0.x86_64.rpm SHA-256: 04cc83ad1bbc73b52a9c812bbc0b44e73792455c4b0804971619e8415efe6486
grafana-pcp-debugsource-5.2.2-3.el10_0.x86_64.rpm SHA-256: fb7fe4c152e8375f97aef5bf14c84cec82806ed24bfa6209dd4be1a39272eeb5

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
x86_64
grafana-pcp-5.2.2-3.el10_0.x86_64.rpm SHA-256: b587872c082b12e743c832fc983be6286720f49af6f7a93e7ddfcbff745884c6
grafana-pcp-debuginfo-5.2.2-3.el10_0.x86_64.rpm SHA-256: 04cc83ad1bbc73b52a9c812bbc0b44e73792455c4b0804971619e8415efe6486
grafana-pcp-debugsource-5.2.2-3.el10_0.x86_64.rpm SHA-256: fb7fe4c152e8375f97aef5bf14c84cec82806ed24bfa6209dd4be1a39272eeb5

Red Hat Enterprise Linux for IBM z Systems 10

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
s390x
grafana-pcp-5.2.2-3.el10_0.s390x.rpm SHA-256: 66cf123e171a4ecd1b677471d22bd60f1293abddd11b053a03896fec4a40f37c
grafana-pcp-debuginfo-5.2.2-3.el10_0.s390x.rpm SHA-256: 6b7ff283d244a4af14fbe2a4082c520a204a5ded29fc057c52dc89b9ee7c7c98
grafana-pcp-debugsource-5.2.2-3.el10_0.s390x.rpm SHA-256: df66ecfafcc8bc1744f2c9bea38dda71800f077f779bc512dab059608e01767c

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
s390x
grafana-pcp-5.2.2-3.el10_0.s390x.rpm SHA-256: 66cf123e171a4ecd1b677471d22bd60f1293abddd11b053a03896fec4a40f37c
grafana-pcp-debuginfo-5.2.2-3.el10_0.s390x.rpm SHA-256: 6b7ff283d244a4af14fbe2a4082c520a204a5ded29fc057c52dc89b9ee7c7c98
grafana-pcp-debugsource-5.2.2-3.el10_0.s390x.rpm SHA-256: df66ecfafcc8bc1744f2c9bea38dda71800f077f779bc512dab059608e01767c

Red Hat Enterprise Linux for Power, little endian 10

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
ppc64le
grafana-pcp-5.2.2-3.el10_0.ppc64le.rpm SHA-256: 4924e0e873add51876313f967b136f66937bfc55d2209d8588f55eb8e42d74ad
grafana-pcp-debuginfo-5.2.2-3.el10_0.ppc64le.rpm SHA-256: 990b06839cf7b9e05d3eecf8614b687d26c2886f4b33d75631721a377cd08f77
grafana-pcp-debugsource-5.2.2-3.el10_0.ppc64le.rpm SHA-256: f181e311bacd965c2047cc00fb95630c46fde52c19432a2f61a8475efc9d54d7

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
ppc64le
grafana-pcp-5.2.2-3.el10_0.ppc64le.rpm SHA-256: 4924e0e873add51876313f967b136f66937bfc55d2209d8588f55eb8e42d74ad
grafana-pcp-debuginfo-5.2.2-3.el10_0.ppc64le.rpm SHA-256: 990b06839cf7b9e05d3eecf8614b687d26c2886f4b33d75631721a377cd08f77
grafana-pcp-debugsource-5.2.2-3.el10_0.ppc64le.rpm SHA-256: f181e311bacd965c2047cc00fb95630c46fde52c19432a2f61a8475efc9d54d7

Red Hat Enterprise Linux for ARM 64 10

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
aarch64
grafana-pcp-5.2.2-3.el10_0.aarch64.rpm SHA-256: bbdbbf91da2fb8823a3c834acb70cbc3be8f4c9d8c999716a85a13bc11e65ff1
grafana-pcp-debuginfo-5.2.2-3.el10_0.aarch64.rpm SHA-256: e9ade26195a331244cabed0a02a582938e6195663f1f1ad84d98cb334efac0db
grafana-pcp-debugsource-5.2.2-3.el10_0.aarch64.rpm SHA-256: fa6f670224d910c233e070a58f8afab8ccd02b04529c4e8e4771aaebd063d919

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
aarch64
grafana-pcp-5.2.2-3.el10_0.aarch64.rpm SHA-256: bbdbbf91da2fb8823a3c834acb70cbc3be8f4c9d8c999716a85a13bc11e65ff1
grafana-pcp-debuginfo-5.2.2-3.el10_0.aarch64.rpm SHA-256: e9ade26195a331244cabed0a02a582938e6195663f1f1ad84d98cb334efac0db
grafana-pcp-debugsource-5.2.2-3.el10_0.aarch64.rpm SHA-256: fa6f670224d910c233e070a58f8afab8ccd02b04529c4e8e4771aaebd063d919

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
aarch64
grafana-pcp-5.2.2-3.el10_0.aarch64.rpm SHA-256: bbdbbf91da2fb8823a3c834acb70cbc3be8f4c9d8c999716a85a13bc11e65ff1
grafana-pcp-debuginfo-5.2.2-3.el10_0.aarch64.rpm SHA-256: e9ade26195a331244cabed0a02a582938e6195663f1f1ad84d98cb334efac0db
grafana-pcp-debugsource-5.2.2-3.el10_0.aarch64.rpm SHA-256: fa6f670224d910c233e070a58f8afab8ccd02b04529c4e8e4771aaebd063d919

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
s390x
grafana-pcp-5.2.2-3.el10_0.s390x.rpm SHA-256: 66cf123e171a4ecd1b677471d22bd60f1293abddd11b053a03896fec4a40f37c
grafana-pcp-debuginfo-5.2.2-3.el10_0.s390x.rpm SHA-256: 6b7ff283d244a4af14fbe2a4082c520a204a5ded29fc057c52dc89b9ee7c7c98
grafana-pcp-debugsource-5.2.2-3.el10_0.s390x.rpm SHA-256: df66ecfafcc8bc1744f2c9bea38dda71800f077f779bc512dab059608e01767c

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
ppc64le
grafana-pcp-5.2.2-3.el10_0.ppc64le.rpm SHA-256: 4924e0e873add51876313f967b136f66937bfc55d2209d8588f55eb8e42d74ad
grafana-pcp-debuginfo-5.2.2-3.el10_0.ppc64le.rpm SHA-256: 990b06839cf7b9e05d3eecf8614b687d26c2886f4b33d75631721a377cd08f77
grafana-pcp-debugsource-5.2.2-3.el10_0.ppc64le.rpm SHA-256: f181e311bacd965c2047cc00fb95630c46fde52c19432a2f61a8475efc9d54d7

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
grafana-pcp-5.2.2-3.el10_0.src.rpm SHA-256: b8e30638c067417b4be12ab17b2117635486b049d696fe4c63f07d20f1682821
x86_64
grafana-pcp-5.2.2-3.el10_0.x86_64.rpm SHA-256: b587872c082b12e743c832fc983be6286720f49af6f7a93e7ddfcbff745884c6
grafana-pcp-debuginfo-5.2.2-3.el10_0.x86_64.rpm SHA-256: 04cc83ad1bbc73b52a9c812bbc0b44e73792455c4b0804971619e8415efe6486
grafana-pcp-debugsource-5.2.2-3.el10_0.x86_64.rpm SHA-256: fb7fe4c152e8375f97aef5bf14c84cec82806ed24bfa6209dd4be1a39272eeb5

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.