红帽产品勘误 RHSA-2026:3818 - Security Advisory
发布:
2026-03-05
已更新:
2026-03-05

RHSA-2026:3818 - Security Advisory

概述

Important: grafana-pcp security update

类型/严重性

Security Advisory: Important

Red Hat Lightspeed patch analysis

识别并修复受此公告影响的系统。

查看受影响的系统

标题

An update for grafana-pcp is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

描述

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

  • crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
  • golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

解决方案

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

受影响的产品

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.4 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x
  • Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4 aarch64
  • Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4 ppc64le
  • Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4 s390x

修复

  • BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
  • BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
x86_64
grafana-pcp-5.1.1-6.el9_4.x86_64.rpm SHA-256: 72e6695fa75ce0d4be4709cde5dd675d9b6984690bac27ceb93e249fec7131d4
grafana-pcp-debuginfo-5.1.1-6.el9_4.x86_64.rpm SHA-256: 11a67b214d03646f47d02a9053f18a6cee7116a43487e9dace4ee2e043d4d99e
grafana-pcp-debugsource-5.1.1-6.el9_4.x86_64.rpm SHA-256: 845ce47071de018a8bf5c3dda1af86de28d18d5ed36584aad6cd331522cd2389

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
x86_64
grafana-pcp-5.1.1-6.el9_4.x86_64.rpm SHA-256: 72e6695fa75ce0d4be4709cde5dd675d9b6984690bac27ceb93e249fec7131d4
grafana-pcp-debuginfo-5.1.1-6.el9_4.x86_64.rpm SHA-256: 11a67b214d03646f47d02a9053f18a6cee7116a43487e9dace4ee2e043d4d99e
grafana-pcp-debugsource-5.1.1-6.el9_4.x86_64.rpm SHA-256: 845ce47071de018a8bf5c3dda1af86de28d18d5ed36584aad6cd331522cd2389

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
s390x
grafana-pcp-5.1.1-6.el9_4.s390x.rpm SHA-256: 4921ac22013846c1d4d1435a8e64a16f8783539c18561c19aeea4f01c0dab08d
grafana-pcp-debuginfo-5.1.1-6.el9_4.s390x.rpm SHA-256: 757d05331e7e4c01a486205f8f5b07c38be876eccd9a63a1dce3d5d355809181
grafana-pcp-debugsource-5.1.1-6.el9_4.s390x.rpm SHA-256: c44a081da64c076f7c2e4801f51397389ee395954777d24843b4ac81f77dfa94

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
ppc64le
grafana-pcp-5.1.1-6.el9_4.ppc64le.rpm SHA-256: 0bd949ab0b2c4786b37d5d00ebf2f466935175d6d9e54f87acce62f00da2822e
grafana-pcp-debuginfo-5.1.1-6.el9_4.ppc64le.rpm SHA-256: e6d4e4761566c62c173d62cfb25d0b5339b5a63704ff39de22f6e24f91605e63
grafana-pcp-debugsource-5.1.1-6.el9_4.ppc64le.rpm SHA-256: 4c5e3c52bc007a31b85700ca059989302dcfda6d06fec398c8859d23395a64c7

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
aarch64
grafana-pcp-5.1.1-6.el9_4.aarch64.rpm SHA-256: 367da34489057325d30d0f24793de6ea151f588958706d73ba2f9272dc85c60b
grafana-pcp-debuginfo-5.1.1-6.el9_4.aarch64.rpm SHA-256: 2d04792140ac5bd30cd5759a88a92f2872e1c9eb5e14508bc0baa826a67f0d5b
grafana-pcp-debugsource-5.1.1-6.el9_4.aarch64.rpm SHA-256: feb359ff79702bb4b4e1394acf28abe0648728308d63f0bcfaa0960fd3ae59e4

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
ppc64le
grafana-pcp-5.1.1-6.el9_4.ppc64le.rpm SHA-256: 0bd949ab0b2c4786b37d5d00ebf2f466935175d6d9e54f87acce62f00da2822e
grafana-pcp-debuginfo-5.1.1-6.el9_4.ppc64le.rpm SHA-256: e6d4e4761566c62c173d62cfb25d0b5339b5a63704ff39de22f6e24f91605e63
grafana-pcp-debugsource-5.1.1-6.el9_4.ppc64le.rpm SHA-256: 4c5e3c52bc007a31b85700ca059989302dcfda6d06fec398c8859d23395a64c7

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
x86_64
grafana-pcp-5.1.1-6.el9_4.x86_64.rpm SHA-256: 72e6695fa75ce0d4be4709cde5dd675d9b6984690bac27ceb93e249fec7131d4
grafana-pcp-debuginfo-5.1.1-6.el9_4.x86_64.rpm SHA-256: 11a67b214d03646f47d02a9053f18a6cee7116a43487e9dace4ee2e043d4d99e
grafana-pcp-debugsource-5.1.1-6.el9_4.x86_64.rpm SHA-256: 845ce47071de018a8bf5c3dda1af86de28d18d5ed36584aad6cd331522cd2389

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
aarch64
grafana-pcp-5.1.1-6.el9_4.aarch64.rpm SHA-256: 367da34489057325d30d0f24793de6ea151f588958706d73ba2f9272dc85c60b
grafana-pcp-debuginfo-5.1.1-6.el9_4.aarch64.rpm SHA-256: 2d04792140ac5bd30cd5759a88a92f2872e1c9eb5e14508bc0baa826a67f0d5b
grafana-pcp-debugsource-5.1.1-6.el9_4.aarch64.rpm SHA-256: feb359ff79702bb4b4e1394acf28abe0648728308d63f0bcfaa0960fd3ae59e4

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
s390x
grafana-pcp-5.1.1-6.el9_4.s390x.rpm SHA-256: 4921ac22013846c1d4d1435a8e64a16f8783539c18561c19aeea4f01c0dab08d
grafana-pcp-debuginfo-5.1.1-6.el9_4.s390x.rpm SHA-256: 757d05331e7e4c01a486205f8f5b07c38be876eccd9a63a1dce3d5d355809181
grafana-pcp-debugsource-5.1.1-6.el9_4.s390x.rpm SHA-256: c44a081da64c076f7c2e4801f51397389ee395954777d24843b4ac81f77dfa94

Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
x86_64
grafana-pcp-5.1.1-6.el9_4.x86_64.rpm SHA-256: 72e6695fa75ce0d4be4709cde5dd675d9b6984690bac27ceb93e249fec7131d4
grafana-pcp-debuginfo-5.1.1-6.el9_4.x86_64.rpm SHA-256: 11a67b214d03646f47d02a9053f18a6cee7116a43487e9dace4ee2e043d4d99e
grafana-pcp-debugsource-5.1.1-6.el9_4.x86_64.rpm SHA-256: 845ce47071de018a8bf5c3dda1af86de28d18d5ed36584aad6cd331522cd2389

Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
aarch64
grafana-pcp-5.1.1-6.el9_4.aarch64.rpm SHA-256: 367da34489057325d30d0f24793de6ea151f588958706d73ba2f9272dc85c60b
grafana-pcp-debuginfo-5.1.1-6.el9_4.aarch64.rpm SHA-256: 2d04792140ac5bd30cd5759a88a92f2872e1c9eb5e14508bc0baa826a67f0d5b
grafana-pcp-debugsource-5.1.1-6.el9_4.aarch64.rpm SHA-256: feb359ff79702bb4b4e1394acf28abe0648728308d63f0bcfaa0960fd3ae59e4

Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
ppc64le
grafana-pcp-5.1.1-6.el9_4.ppc64le.rpm SHA-256: 0bd949ab0b2c4786b37d5d00ebf2f466935175d6d9e54f87acce62f00da2822e
grafana-pcp-debuginfo-5.1.1-6.el9_4.ppc64le.rpm SHA-256: e6d4e4761566c62c173d62cfb25d0b5339b5a63704ff39de22f6e24f91605e63
grafana-pcp-debugsource-5.1.1-6.el9_4.ppc64le.rpm SHA-256: 4c5e3c52bc007a31b85700ca059989302dcfda6d06fec398c8859d23395a64c7

Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.4

SRPM
grafana-pcp-5.1.1-6.el9_4.src.rpm SHA-256: 8497fcc282674a876e9027875e8d63de562db80b43e9f288eb2e07b9557dc118
s390x
grafana-pcp-5.1.1-6.el9_4.s390x.rpm SHA-256: 4921ac22013846c1d4d1435a8e64a16f8783539c18561c19aeea4f01c0dab08d
grafana-pcp-debuginfo-5.1.1-6.el9_4.s390x.rpm SHA-256: 757d05331e7e4c01a486205f8f5b07c38be876eccd9a63a1dce3d5d355809181
grafana-pcp-debugsource-5.1.1-6.el9_4.s390x.rpm SHA-256: c44a081da64c076f7c2e4801f51397389ee395954777d24843b4ac81f77dfa94

Red Hat 安全团队联络方式为 secalert@redhat.com。 更多联络细节请参考 https://access.redhat.com/security/team/contact/