ELSA-2023-2167

ELSA-2023-2167 - grafana security and enhancement update

Type: SECURITY
Severity: MODERATE
Release Date: 2023-05-15

Description


[9.0.9-2]
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws

[9.0.9-1]
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)

[9.0.8-2]
- bump NVR

[9.0.8-1]
- update to 9.0.8 tagged upstream community sources, see CHANGELOG
- do not list /usr/share/grafana/conf twice
- drop makefile in favor of create_bundles.sh script
- sync provides/obsoletes with CentOS versions
- drop husky patch


Related CVEs


CVE-2022-41715
CVE-2022-39229
CVE-2022-35957
CVE-2022-2880
CVE-2022-27664

Updated Packages


Release/Architecture      Filename                        MD5sum                            Superseded By Advisory
Oracle Linux 9 (aarch64)  grafana-9.0.9-2.el9.src.rpm     15c0c5d683a66401962b62b049e5b13d  -
Oracle Linux 9 (aarch64)  grafana-9.0.9-2.el9.aarch64.rpm 21af676d4a6c8cfcd1d0bd2186d6bbce  -
Oracle Linux 9 (x86_64)   grafana-9.0.9-2.el9.src.rpm     15c0c5d683a66401962b62b049e5b13d  -
Oracle Linux 9 (x86_64)   grafana-9.0.9-2.el9.x86_64.rpm  5d8b6ad6cce47eb9a96453ca21161318  -



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
