ELSA-2023-2784

ELSA-2023-2784 - grafana security update

Type:	SECURITY
Impact:	MODERATE
Release Date:	2023-05-24

Description

[7.5.15-4]
- resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in
- resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- run integration tests in check phase
- update FIPS patch with latest changes in Go packaging

Related CVEs

CVE-2022-41715

CVE-2022-2880

CVE-2022-39229

CVE-2022-27664

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 8 (aarch64)	grafana-7.5.15-4.el8.src.rpm	089e752bd79d2eeaecf7445e82befe58513a231cd8a94bde793ef988cf2feac0	-	ol8_aarch64_appstream
	grafana-7.5.15-4.el8.src.rpm	089e752bd79d2eeaecf7445e82befe58513a231cd8a94bde793ef988cf2feac0	-	ol8_aarch64_appstream_developer
	grafana-7.5.15-4.el8.aarch64.rpm	df6f8ed0325be5dd1e705d91d42e5f7d6ac12371c796f637f2e55da21488fa06	-	ol8_aarch64_appstream
	grafana-7.5.15-4.el8.aarch64.rpm	df6f8ed0325be5dd1e705d91d42e5f7d6ac12371c796f637f2e55da21488fa06	-	ol8_aarch64_appstream_developer
Oracle Linux 8 (x86_64)	grafana-7.5.15-4.el8.src.rpm	089e752bd79d2eeaecf7445e82befe58513a231cd8a94bde793ef988cf2feac0	-	ol8_x86_64_appstream
	grafana-7.5.15-4.el8.src.rpm	089e752bd79d2eeaecf7445e82befe58513a231cd8a94bde793ef988cf2feac0	-	ol8_x86_64_appstream_developer
	grafana-7.5.15-4.el8.x86_64.rpm	961cf7e1dfab2bf18ed346740fdbf231cd137b4542fba0749fe1063f3f6f09c8	-	ol8_x86_64_appstream
	grafana-7.5.15-4.el8.x86_64.rpm	961cf7e1dfab2bf18ed346740fdbf231cd137b4542fba0749fe1063f3f6f09c8	-	ol8_x86_64_appstream_developer

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team