ELSA-2022-7648

ELSA-2022-7648 - grafana-pcp security update

Type:SECURITY
Severity:MODERATE
Release Date:2022-11-15

Description


[3.2.0-2]
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode


Related CVEs


CVE-2022-1705
CVE-2022-30631
CVE-2022-30635
CVE-2022-32148
CVE-2022-30630
CVE-2022-30632

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 8 (aarch64) grafana-pcp-3.2.0-2.el8.src.rpm06f5dd339343766f0dfbae751cab3200-
grafana-pcp-3.2.0-2.el8.aarch64.rpm63c2c16f027dec225ce61f50f1d2bd88-
Oracle Linux 8 (x86_64) grafana-pcp-3.2.0-2.el8.src.rpm06f5dd339343766f0dfbae751cab3200-
grafana-pcp-3.2.0-2.el8.x86_64.rpmdb968dc441b5151744a5df2403fbea5b-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete