ELSA-2023-2167

ELSA-2023-2167 - grafana security and enhancement update

Type: SECURITY
Impact: MODERATE
Release Date: 2023-05-15

Description


[9.0.9-2]
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws

[9.0.9-1]
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)

[9.0.8-2]
- bump NVR

[9.0.8-1]
- update to 9.0.8 tagged upstream community sources, see CHANGELOG
- do not list /usr/share/grafana/conf twice
- drop makefile in favor of create_bundles.sh script
- sync provides/obsoletes with CentOS versions
- drop husky patch


Related CVEs


CVE-2022-41715
CVE-2022-39229
CVE-2022-2880
CVE-2022-27664
CVE-2022-35957

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 9 (aarch64) | grafana-9.0.9-2.el9.src.rpm | 8ad74ec37ffffbdfaef24772b74dde3b154fe915cf0217292fc80ad7600ae4fe | - | ol9_aarch64_appstream |
| Oracle Linux 9 (aarch64) | grafana-9.0.9-2.el9.src.rpm | 8ad74ec37ffffbdfaef24772b74dde3b154fe915cf0217292fc80ad7600ae4fe | - | ol9_aarch64_appstream_developer |
| Oracle Linux 9 (aarch64) | grafana-9.0.9-2.el9.aarch64.rpm | d2a2bc108b9560457528a7b0f3c750d4a836b46aafe671ff192835b32d9eb1f6 | - | ol9_aarch64_appstream |
| Oracle Linux 9 (aarch64) | grafana-9.0.9-2.el9.aarch64.rpm | d2a2bc108b9560457528a7b0f3c750d4a836b46aafe671ff192835b32d9eb1f6 | - | ol9_aarch64_appstream_developer |
| Oracle Linux 9 (x86_64) | grafana-9.0.9-2.el9.src.rpm | 8ad74ec37ffffbdfaef24772b74dde3b154fe915cf0217292fc80ad7600ae4fe | - | ol9_x86_64_appstream |
| Oracle Linux 9 (x86_64) | grafana-9.0.9-2.el9.src.rpm | 8ad74ec37ffffbdfaef24772b74dde3b154fe915cf0217292fc80ad7600ae4fe | - | ol9_x86_64_appstream_developer |
| Oracle Linux 9 (x86_64) | grafana-9.0.9-2.el9.x86_64.rpm | cd643d0b68fa3868239d4ef40b6251f6c21cf7d6520fc8f271963426a82e65b8 | - | ol9_x86_64_appstream |
| Oracle Linux 9 (x86_64) | grafana-9.0.9-2.el9.x86_64.rpm | cd643d0b68fa3868239d4ef40b6251f6c21cf7d6520fc8f271963426a82e65b8 | - | ol9_x86_64_appstream_developer |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team
