Stay Connected:

ELSA-2022-7519

ELSA-2022-7519 - grafana security, bug fix, and enhancement update

Type:SECURITY
Severity:MODERATE
Release Date:2022-11-15

Description


[7.5.15-3]
- resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
- resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
- resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal

[7.5.15-2]
- resolve CVE-2022-31107 grafana: OAuth account takeover

[7.5.15-1]
- update to 7.5.15 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
- resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
- resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
- resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
- resolve CVE-2021-23648 sanitize-url: XSS
- resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
- declare Node.js dependencies of subpackages
- make vendor and webpack tarballs reproducible


Related CVEs


CVE-2022-1705
CVE-2022-28131
CVE-2022-30631
CVE-2022-30633
CVE-2022-30635
CVE-2022-32148
CVE-2022-1962
CVE-2022-30630
CVE-2022-30632
CVE-2021-23648
CVE-2022-21673
CVE-2022-21702
CVE-2022-21703
CVE-2022-21713
CVE-2022-21698

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) grafana-7.5.15-3.el8.src.rpm5bd2875e760495a8845bf1bdfb97d8c1-
grafana-7.5.15-3.el8.aarch64.rpm7934076daf525707a8f0aed57135ed36-
Oracle Linux 8 (x86_64) grafana-7.5.15-3.el8.src.rpm5bd2875e760495a8845bf1bdfb97d8c1-
grafana-7.5.15-3.el8.x86_64.rpm782772b7d84aeb4279d238a7a888921b-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete
Subscribe | Careers | Contact Us | Legal Notices | Terms of Use | Your Privacy Rights