Issued:: 2026-03-05
Updated:: 2026-03-05

RHSA-2026:3835 - Security Advisory

Overview
Updated Packages

Synopsis

Important: grafana security update

Type/Severity

Security Advisory: Important

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for grafana is now available for Red Hat Enterprise Linux 9.4 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)
golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip (CVE-2025-61728)
golang: net/url: Memory exhaustion in query parameter parsing in net/url (CVE-2025-61726)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4 x86_64
Red Hat Enterprise Linux Server - AUS 9.4 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4 s390x
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4 ppc64le
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4 aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4 x86_64
Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4 aarch64
Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4 s390x

Fixes

BZ - 2418462 - CVE-2025-61729 crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate
BZ - 2434431 - CVE-2025-61728 golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip
BZ - 2434432 - CVE-2025-61726 golang: net/url: Memory exhaustion in query parameter parsing in net/url

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
x86_64
grafana-9.2.10-25.el9_4.x86_64.rpm	SHA-256: b3fbd9493927f8c7dd76a1ac5cb39fa3571a9b8c6bc2477a70108c171b4b5124
grafana-debuginfo-9.2.10-25.el9_4.x86_64.rpm	SHA-256: ab9ebd7cd82e537ddbc91bf4e52b333ac9378df360d15e9d29ca553604314374
grafana-debugsource-9.2.10-25.el9_4.x86_64.rpm	SHA-256: af12ed7376d6023a6f2900349a10f4f1bb6d102ceaace4ef2458fa11fac47be4
grafana-selinux-9.2.10-25.el9_4.x86_64.rpm	SHA-256: 9629a7831b599c37986b89f7a59e4abcae080eaf8b467bbb762bcd4ec3deed05

Red Hat Enterprise Linux Server - AUS 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
x86_64
grafana-9.2.10-25.el9_4.x86_64.rpm	SHA-256: b3fbd9493927f8c7dd76a1ac5cb39fa3571a9b8c6bc2477a70108c171b4b5124
grafana-debuginfo-9.2.10-25.el9_4.x86_64.rpm	SHA-256: ab9ebd7cd82e537ddbc91bf4e52b333ac9378df360d15e9d29ca553604314374
grafana-debugsource-9.2.10-25.el9_4.x86_64.rpm	SHA-256: af12ed7376d6023a6f2900349a10f4f1bb6d102ceaace4ef2458fa11fac47be4
grafana-selinux-9.2.10-25.el9_4.x86_64.rpm	SHA-256: 9629a7831b599c37986b89f7a59e4abcae080eaf8b467bbb762bcd4ec3deed05

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
s390x
grafana-9.2.10-25.el9_4.s390x.rpm	SHA-256: e9f5f09e951aeb945010f71c62ecd70ead2f368dfea48874b8b30ff882b0845c
grafana-debuginfo-9.2.10-25.el9_4.s390x.rpm	SHA-256: 1735d38e4fbb87fb3360f204fb7e8f6f0c23a9a34c4ed0e582f09ca20ca8501c
grafana-debugsource-9.2.10-25.el9_4.s390x.rpm	SHA-256: b4d5711c1bdb3aa655f787d812699beee8a5d785e10e8a2d1151203e203461c9
grafana-selinux-9.2.10-25.el9_4.s390x.rpm	SHA-256: 9e3740694d1fd189718ae416a555b0ec312cfe301df1d535f7b7111a07f90c9c

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
ppc64le
grafana-9.2.10-25.el9_4.ppc64le.rpm	SHA-256: 5a4b9826ca35a0c19f922277a410bb62666fd11d5d38ea0999a86f96a46e0a29
grafana-debuginfo-9.2.10-25.el9_4.ppc64le.rpm	SHA-256: ccd1d014d5bd4758ad8b4ad06d4d7dfdb5b1685509928936f5c613eb32f18201
grafana-debugsource-9.2.10-25.el9_4.ppc64le.rpm	SHA-256: 8efccfb6bbd3436dcd734694425b3d14a9408fe4afbeaddc30a75408f9ce8f01
grafana-selinux-9.2.10-25.el9_4.ppc64le.rpm	SHA-256: d1659b96e4ffa28d48560db3f37c63302ffada3e06f0c8605ae78d03b2271502

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
aarch64
grafana-9.2.10-25.el9_4.aarch64.rpm	SHA-256: 4f3e6c9bee7bfaa55a946cbd579b594c09f386ebed88111460ded68d8df9cf45
grafana-debuginfo-9.2.10-25.el9_4.aarch64.rpm	SHA-256: 22dcd80338596c560f0f832ef2e75adbb04dc4a96c33ea52c1e36b08d9189b34
grafana-debugsource-9.2.10-25.el9_4.aarch64.rpm	SHA-256: 0eb3a43f9261d34c1c16f239dad7020f7d2e10f268f84a464af92501244ec822
grafana-selinux-9.2.10-25.el9_4.aarch64.rpm	SHA-256: 3822e06d16c9bb19640c5cad07a36f5b02f2fef3e142cfafdfc02f5eab43fa8e

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
ppc64le
grafana-9.2.10-25.el9_4.ppc64le.rpm	SHA-256: 5a4b9826ca35a0c19f922277a410bb62666fd11d5d38ea0999a86f96a46e0a29
grafana-debuginfo-9.2.10-25.el9_4.ppc64le.rpm	SHA-256: ccd1d014d5bd4758ad8b4ad06d4d7dfdb5b1685509928936f5c613eb32f18201
grafana-debugsource-9.2.10-25.el9_4.ppc64le.rpm	SHA-256: 8efccfb6bbd3436dcd734694425b3d14a9408fe4afbeaddc30a75408f9ce8f01
grafana-selinux-9.2.10-25.el9_4.ppc64le.rpm	SHA-256: d1659b96e4ffa28d48560db3f37c63302ffada3e06f0c8605ae78d03b2271502

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
x86_64
grafana-9.2.10-25.el9_4.x86_64.rpm	SHA-256: b3fbd9493927f8c7dd76a1ac5cb39fa3571a9b8c6bc2477a70108c171b4b5124
grafana-debuginfo-9.2.10-25.el9_4.x86_64.rpm	SHA-256: ab9ebd7cd82e537ddbc91bf4e52b333ac9378df360d15e9d29ca553604314374
grafana-debugsource-9.2.10-25.el9_4.x86_64.rpm	SHA-256: af12ed7376d6023a6f2900349a10f4f1bb6d102ceaace4ef2458fa11fac47be4
grafana-selinux-9.2.10-25.el9_4.x86_64.rpm	SHA-256: 9629a7831b599c37986b89f7a59e4abcae080eaf8b467bbb762bcd4ec3deed05

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
aarch64
grafana-9.2.10-25.el9_4.aarch64.rpm	SHA-256: 4f3e6c9bee7bfaa55a946cbd579b594c09f386ebed88111460ded68d8df9cf45
grafana-debuginfo-9.2.10-25.el9_4.aarch64.rpm	SHA-256: 22dcd80338596c560f0f832ef2e75adbb04dc4a96c33ea52c1e36b08d9189b34
grafana-debugsource-9.2.10-25.el9_4.aarch64.rpm	SHA-256: 0eb3a43f9261d34c1c16f239dad7020f7d2e10f268f84a464af92501244ec822
grafana-selinux-9.2.10-25.el9_4.aarch64.rpm	SHA-256: 3822e06d16c9bb19640c5cad07a36f5b02f2fef3e142cfafdfc02f5eab43fa8e

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.4

SRPM
grafana-9.2.10-25.el9_4.src.rpm	SHA-256: f7e08300d9b24a9f0f4ae80cff1b674b375f3e961eb2f351f2264424524f99dd
s390x
grafana-9.2.10-25.el9_4.s390x.rpm	SHA-256: e9f5f09e951aeb945010f71c62ecd70ead2f368dfea48874b8b30ff882b0845c
grafana-debuginfo-9.2.10-25.el9_4.s390x.rpm	SHA-256: 1735d38e4fbb87fb3360f204fb7e8f6f0c23a9a34c4ed0e582f09ca20ca8501c
grafana-debugsource-9.2.10-25.el9_4.s390x.rpm	SHA-256: b4d5711c1bdb3aa655f787d812699beee8a5d785e10e8a2d1151203e203461c9
grafana-selinux-9.2.10-25.el9_4.s390x.rpm	SHA-256: 9e3740694d1fd189718ae416a555b0ec312cfe301df1d535f7b7111a07f90c9c

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation