ELSA-2022-7648 - grafana-pcp security update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2022-11-15 |
Description
[3.2.0-2]
- resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
- resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
- resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
- resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
- resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
- resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle Linux 8 (aarch64) | grafana-pcp-3.2.0-2.el8.src.rpm | 7516eaaab1ca23cb661a861d18599a56fa2e5fdaec74913a0415975fa2f14a5b | - | ol8_aarch64_appstream |
| grafana-pcp-3.2.0-2.el8.aarch64.rpm | 244ef5831e2a770f30c69a5ec1046669ed8937bc7927c772d5967ac9830e8f2f | - | ol8_aarch64_appstream |
|
| Oracle Linux 8 (x86_64) | grafana-pcp-3.2.0-2.el8.src.rpm | 7516eaaab1ca23cb661a861d18599a56fa2e5fdaec74913a0415975fa2f14a5b | - | ol8_x86_64_appstream |
| grafana-pcp-3.2.0-2.el8.x86_64.rpm | 2e52262b21743d7a89c7d60baedecd76435059ed9a180ffa72c59b3fd71441b6 | - | ol8_x86_64_appstream |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
