ELSA-2022-7648 - grafana-pcp security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2022-11-15 |
Description
[3.2.0-2]
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 8 (aarch64) | grafana-pcp-3.2.0-2.el8.src.rpm | 06f5dd339343766f0dfbae751cab3200 | - |
| grafana-pcp-3.2.0-2.el8.aarch64.rpm | 63c2c16f027dec225ce61f50f1d2bd88 | - |
|
| Oracle Linux 8 (x86_64) | grafana-pcp-3.2.0-2.el8.src.rpm | 06f5dd339343766f0dfbae751cab3200 | - |
| grafana-pcp-3.2.0-2.el8.x86_64.rpm | db968dc441b5151744a5df2403fbea5b | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
