Issued:: 2025-06-12
Updated:: 2025-06-12

RHSA-2025:8975 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: grafana-pcp security update

Type/Severity

Security Advisory: Moderate

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

net/http: Request smuggling due to acceptance of invalid chunked data in net/http (CVE-2025-22871)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

Fixes

BZ - 2358493 - CVE-2025-22871 net/http: Request smuggling due to acceptance of invalid chunked data in net/http

CVEs

CVE-2025-22871

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
x86_64
grafana-pcp-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 3983fd32b2c31e1fcecdf008955feab6e5fbba34a78e91d76b844757750ef0f0
grafana-pcp-debuginfo-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 1f6a52e11a81d6e772c2e959f6d9db41327b6881d5dbf7ba49b08aaacaaeb771
grafana-pcp-debugsource-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 39e41addf0c27ce01afe8b21d88b9b40d49e4b3385d413992323b4eb6d50f194

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
x86_64
grafana-pcp-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 3983fd32b2c31e1fcecdf008955feab6e5fbba34a78e91d76b844757750ef0f0
grafana-pcp-debuginfo-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 1f6a52e11a81d6e772c2e959f6d9db41327b6881d5dbf7ba49b08aaacaaeb771
grafana-pcp-debugsource-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 39e41addf0c27ce01afe8b21d88b9b40d49e4b3385d413992323b4eb6d50f194

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
s390x
grafana-pcp-5.1.1-5.el9_4.s390x.rpm	SHA-256: 95cfd61eebfb62d69c1235161015cfaa1c8a88d3e58e24e96bee949561161004
grafana-pcp-debuginfo-5.1.1-5.el9_4.s390x.rpm	SHA-256: 5402ab1700196f65facb88f3c13243984bffcbf64bca3834403b7ded186508e6
grafana-pcp-debugsource-5.1.1-5.el9_4.s390x.rpm	SHA-256: 281253c64e116c232ee7dfe2477d7923a79ee9bb39b56c6e717be64bd92f4c39

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
ppc64le
grafana-pcp-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 166126c3f6f99deaef41d07f784dc1b015af72597eeacdb0f3d23451ec4d84d9
grafana-pcp-debuginfo-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 1aed8d27877c67b6a211fb2104d5b515c07c93da984979432cd10001b9e08082
grafana-pcp-debugsource-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 953efc60be714f7922335f91453389f8179599eea6b59ef5d06ef9b41e8827b4

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
aarch64
grafana-pcp-5.1.1-5.el9_4.aarch64.rpm	SHA-256: b5a26713554f0f81497d3a9b4b9d382307415bd8a9630cabb96dc3a42c4d3bc0
grafana-pcp-debuginfo-5.1.1-5.el9_4.aarch64.rpm	SHA-256: 7bbe77cf554ec01aef4afce1c09fdb5114e84dc118547cd75fd78e03f87e1128
grafana-pcp-debugsource-5.1.1-5.el9_4.aarch64.rpm	SHA-256: a28dd332e53ef0482b5e2b91a7a0c29e07c153340b3a6b29a21f7bf88bd43ad4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
ppc64le
grafana-pcp-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 166126c3f6f99deaef41d07f784dc1b015af72597eeacdb0f3d23451ec4d84d9
grafana-pcp-debuginfo-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 1aed8d27877c67b6a211fb2104d5b515c07c93da984979432cd10001b9e08082
grafana-pcp-debugsource-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 953efc60be714f7922335f91453389f8179599eea6b59ef5d06ef9b41e8827b4

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
x86_64
grafana-pcp-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 3983fd32b2c31e1fcecdf008955feab6e5fbba34a78e91d76b844757750ef0f0
grafana-pcp-debuginfo-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 1f6a52e11a81d6e772c2e959f6d9db41327b6881d5dbf7ba49b08aaacaaeb771
grafana-pcp-debugsource-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 39e41addf0c27ce01afe8b21d88b9b40d49e4b3385d413992323b4eb6d50f194

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
aarch64
grafana-pcp-5.1.1-5.el9_4.aarch64.rpm	SHA-256: b5a26713554f0f81497d3a9b4b9d382307415bd8a9630cabb96dc3a42c4d3bc0
grafana-pcp-debuginfo-5.1.1-5.el9_4.aarch64.rpm	SHA-256: 7bbe77cf554ec01aef4afce1c09fdb5114e84dc118547cd75fd78e03f87e1128
grafana-pcp-debugsource-5.1.1-5.el9_4.aarch64.rpm	SHA-256: a28dd332e53ef0482b5e2b91a7a0c29e07c153340b3a6b29a21f7bf88bd43ad4

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
s390x
grafana-pcp-5.1.1-5.el9_4.s390x.rpm	SHA-256: 95cfd61eebfb62d69c1235161015cfaa1c8a88d3e58e24e96bee949561161004
grafana-pcp-debuginfo-5.1.1-5.el9_4.s390x.rpm	SHA-256: 5402ab1700196f65facb88f3c13243984bffcbf64bca3834403b7ded186508e6
grafana-pcp-debugsource-5.1.1-5.el9_4.s390x.rpm	SHA-256: 281253c64e116c232ee7dfe2477d7923a79ee9bb39b56c6e717be64bd92f4c39

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
x86_64
grafana-pcp-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 3983fd32b2c31e1fcecdf008955feab6e5fbba34a78e91d76b844757750ef0f0
grafana-pcp-debuginfo-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 1f6a52e11a81d6e772c2e959f6d9db41327b6881d5dbf7ba49b08aaacaaeb771
grafana-pcp-debugsource-5.1.1-5.el9_4.x86_64.rpm	SHA-256: 39e41addf0c27ce01afe8b21d88b9b40d49e4b3385d413992323b4eb6d50f194

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
aarch64
grafana-pcp-5.1.1-5.el9_4.aarch64.rpm	SHA-256: b5a26713554f0f81497d3a9b4b9d382307415bd8a9630cabb96dc3a42c4d3bc0
grafana-pcp-debuginfo-5.1.1-5.el9_4.aarch64.rpm	SHA-256: 7bbe77cf554ec01aef4afce1c09fdb5114e84dc118547cd75fd78e03f87e1128
grafana-pcp-debugsource-5.1.1-5.el9_4.aarch64.rpm	SHA-256: a28dd332e53ef0482b5e2b91a7a0c29e07c153340b3a6b29a21f7bf88bd43ad4

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
ppc64le
grafana-pcp-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 166126c3f6f99deaef41d07f784dc1b015af72597eeacdb0f3d23451ec4d84d9
grafana-pcp-debuginfo-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 1aed8d27877c67b6a211fb2104d5b515c07c93da984979432cd10001b9e08082
grafana-pcp-debugsource-5.1.1-5.el9_4.ppc64le.rpm	SHA-256: 953efc60be714f7922335f91453389f8179599eea6b59ef5d06ef9b41e8827b4

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
grafana-pcp-5.1.1-5.el9_4.src.rpm	SHA-256: 78e2dda1594d115e130bb4d11167ab4f7bb12d7d62ef35c970e1cfbe54e1a3d6
s390x
grafana-pcp-5.1.1-5.el9_4.s390x.rpm	SHA-256: 95cfd61eebfb62d69c1235161015cfaa1c8a88d3e58e24e96bee949561161004
grafana-pcp-debuginfo-5.1.1-5.el9_4.s390x.rpm	SHA-256: 5402ab1700196f65facb88f3c13243984bffcbf64bca3834403b7ded186508e6
grafana-pcp-debugsource-5.1.1-5.el9_4.s390x.rpm	SHA-256: 281253c64e116c232ee7dfe2477d7923a79ee9bb39b56c6e717be64bd92f4c39

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation