Red Hat Product Errata RHSA-2026:3831 - Security Advisory
Issued:
2026-03-05
Updated:
2026-03-05

RHSA-2026:3831 - Security Advisory

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 10.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

  • crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
  • golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
  • golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)
  • crypto/tls: Unexpected session resumption in crypto/tls (CVE-2025-68121)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0 aarch64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0 x86_64

Fixes

  • BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
  • BZ - 2434431 - CVE-2025-61728 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
  • BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url
  • BZ - 2437111 - CVE-2025-68121 crypto/tls: Unexpected session resumption in crypto/tls

Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.0

SRPM
grafana-10.2.6-21.el10_0.src.rpm SHA-256: b13fe651f6f34800e98f94d173ae32e590c1fa3534e4c08aaf803128366aecf2
x86_64
grafana-10.2.6-21.el10_0.x86_64.rpm SHA-256: 28471cb657edcf629bde9283c4ba1f9814d8716e13f37a3f2cad571d08b8c8fe
grafana-debuginfo-10.2.6-21.el10_0.x86_64.rpm SHA-256: d6d016050c36f95e70b137fa917add36a18eed63d71e65d58b10f029f4de363b
grafana-debugsource-10.2.6-21.el10_0.x86_64.rpm SHA-256: ae970c49893ff1b68619fc5f20fbd53b54d8be0cbbc7bb3f66c9e4a20a7c06d8
grafana-selinux-10.2.6-21.el10_0.x86_64.rpm SHA-256: e6ba615d911673bba2e28e419a0a497d1f2be60fa0a6a42bc4837d9e3fc255a4

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.0

SRPM
grafana-10.2.6-21.el10_0.src.rpm SHA-256: b13fe651f6f34800e98f94d173ae32e590c1fa3534e4c08aaf803128366aecf2
s390x
grafana-10.2.6-21.el10_0.s390x.rpm SHA-256: 7d7825ece4833bb1a44650d60c25b2a39018cdbfc013ba3b2bfaf95c73adb201
grafana-debuginfo-10.2.6-21.el10_0.s390x.rpm SHA-256: e03b4f17a1164f5ba912cf343422a4dde959b0d8a8daecd6ad30180f6cf16cea
grafana-debugsource-10.2.6-21.el10_0.s390x.rpm SHA-256: 3282c65f883e697099fa53e8fe3ff33d091945488a1a01f1d1e7d8d2d2d5e2aa
grafana-selinux-10.2.6-21.el10_0.s390x.rpm SHA-256: 06f7edabc0e1e1215fbe57446c0cb0f3105396356bdb2544c46f1fec086163e2

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.0

SRPM
grafana-10.2.6-21.el10_0.src.rpm SHA-256: b13fe651f6f34800e98f94d173ae32e590c1fa3534e4c08aaf803128366aecf2
ppc64le
grafana-10.2.6-21.el10_0.ppc64le.rpm SHA-256: b3eabb38ada07f321b8c4cd77af6e834afeeb44598e488f8ecff937a23b4e511
grafana-debuginfo-10.2.6-21.el10_0.ppc64le.rpm SHA-256: 3b1b3c62bb67f5cfc4909676f79c71b374c01c018d85462244b9f669a53472e8
grafana-debugsource-10.2.6-21.el10_0.ppc64le.rpm SHA-256: d1652111dc6a9b644d523cb8e5df44a51aa62106254205cad3d09597bbade9ce
grafana-selinux-10.2.6-21.el10_0.ppc64le.rpm SHA-256: 2b691e3e7a1b2e261725bc5b2d93ecb4b01324ddfd2c95440e452ee12827d9f9

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.0

SRPM
grafana-10.2.6-21.el10_0.src.rpm SHA-256: b13fe651f6f34800e98f94d173ae32e590c1fa3534e4c08aaf803128366aecf2
aarch64
grafana-10.2.6-21.el10_0.aarch64.rpm SHA-256: ba6e800f48cd9d55d8bbdc0cdfb2f8454d5e8cbd0778a037c1b6c042646ff993
grafana-debuginfo-10.2.6-21.el10_0.aarch64.rpm SHA-256: 95faf124d46a01a1ba0a78d02059942eb0925a82a3e7b06f2f4b98f24950c76d
grafana-debugsource-10.2.6-21.el10_0.aarch64.rpm SHA-256: 75ac4b074424a54e1526f4f6ee708be40c89d7e8a207c4be6cda5a56bec8692f
grafana-selinux-10.2.6-21.el10_0.aarch64.rpm SHA-256: 2bc8ed4cffd100f141b268fb20541b7c5b05b7b958ddcc0ce6d2a14385a0b42c

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.0

SRPM
grafana-10.2.6-21.el10_0.src.rpm SHA-256: b13fe651f6f34800e98f94d173ae32e590c1fa3534e4c08aaf803128366aecf2
aarch64
grafana-10.2.6-21.el10_0.aarch64.rpm SHA-256: ba6e800f48cd9d55d8bbdc0cdfb2f8454d5e8cbd0778a037c1b6c042646ff993
grafana-debuginfo-10.2.6-21.el10_0.aarch64.rpm SHA-256: 95faf124d46a01a1ba0a78d02059942eb0925a82a3e7b06f2f4b98f24950c76d
grafana-debugsource-10.2.6-21.el10_0.aarch64.rpm SHA-256: 75ac4b074424a54e1526f4f6ee708be40c89d7e8a207c4be6cda5a56bec8692f
grafana-selinux-10.2.6-21.el10_0.aarch64.rpm SHA-256: 2bc8ed4cffd100f141b268fb20541b7c5b05b7b958ddcc0ce6d2a14385a0b42c

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.0

SRPM
grafana-10.2.6-21.el10_0.src.rpm SHA-256: b13fe651f6f34800e98f94d173ae32e590c1fa3534e4c08aaf803128366aecf2
s390x
grafana-10.2.6-21.el10_0.s390x.rpm SHA-256: 7d7825ece4833bb1a44650d60c25b2a39018cdbfc013ba3b2bfaf95c73adb201
grafana-debuginfo-10.2.6-21.el10_0.s390x.rpm SHA-256: e03b4f17a1164f5ba912cf343422a4dde959b0d8a8daecd6ad30180f6cf16cea
grafana-debugsource-10.2.6-21.el10_0.s390x.rpm SHA-256: 3282c65f883e697099fa53e8fe3ff33d091945488a1a01f1d1e7d8d2d2d5e2aa
grafana-selinux-10.2.6-21.el10_0.s390x.rpm SHA-256: 06f7edabc0e1e1215fbe57446c0cb0f3105396356bdb2544c46f1fec086163e2

Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.0

SRPM
grafana-10.2.6-21.el10_0.src.rpm SHA-256: b13fe651f6f34800e98f94d173ae32e590c1fa3534e4c08aaf803128366aecf2
ppc64le
grafana-10.2.6-21.el10_0.ppc64le.rpm SHA-256: b3eabb38ada07f321b8c4cd77af6e834afeeb44598e488f8ecff937a23b4e511
grafana-debuginfo-10.2.6-21.el10_0.ppc64le.rpm SHA-256: 3b1b3c62bb67f5cfc4909676f79c71b374c01c018d85462244b9f669a53472e8
grafana-debugsource-10.2.6-21.el10_0.ppc64le.rpm SHA-256: d1652111dc6a9b644d523cb8e5df44a51aa62106254205cad3d09597bbade9ce
grafana-selinux-10.2.6-21.el10_0.ppc64le.rpm SHA-256: 2b691e3e7a1b2e261725bc5b2d93ecb4b01324ddfd2c95440e452ee12827d9f9

Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.0

SRPM
grafana-10.2.6-21.el10_0.src.rpm SHA-256: b13fe651f6f34800e98f94d173ae32e590c1fa3534e4c08aaf803128366aecf2
x86_64
grafana-10.2.6-21.el10_0.x86_64.rpm SHA-256: 28471cb657edcf629bde9283c4ba1f9814d8716e13f37a3f2cad571d08b8c8fe
grafana-debuginfo-10.2.6-21.el10_0.x86_64.rpm SHA-256: d6d016050c36f95e70b137fa917add36a18eed63d71e65d58b10f029f4de363b
grafana-debugsource-10.2.6-21.el10_0.x86_64.rpm SHA-256: ae970c49893ff1b68619fc5f20fbd53b54d8be0cbbc7bb3f66c9e4a20a7c06d8
grafana-selinux-10.2.6-21.el10_0.x86_64.rpm SHA-256: e6ba615d911673bba2e28e419a0a497d1f2be60fa0a6a42bc4837d9e3fc255a4

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.