ELSA-2023-2784

ELSA-2023-2784 - grafana security update

Type: SECURITY
Impact: MODERATE
Release Date: 2023-05-24

Description


[7.5.15-4]
- resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in
- resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- run integration tests in check phase
- update FIPS patch with latest changes in Go packaging


Related CVEs


CVE-2022-41715
CVE-2022-2880
CVE-2022-39229
CVE-2022-27664

Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | grafana-7.5.15-4.el8.src.rpm | 089e752bd79d2eeaecf7445e82befe58513a231cd8a94bde793ef988cf2feac0 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-7.5.15-4.el8.src.rpm | 089e752bd79d2eeaecf7445e82befe58513a231cd8a94bde793ef988cf2feac0 | - | ol8_aarch64_appstream_developer |
| Oracle Linux 8 (aarch64) | grafana-7.5.15-4.el8.aarch64.rpm | df6f8ed0325be5dd1e705d91d42e5f7d6ac12371c796f637f2e55da21488fa06 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | grafana-7.5.15-4.el8.aarch64.rpm | df6f8ed0325be5dd1e705d91d42e5f7d6ac12371c796f637f2e55da21488fa06 | - | ol8_aarch64_appstream_developer |
| Oracle Linux 8 (x86_64) | grafana-7.5.15-4.el8.src.rpm | 089e752bd79d2eeaecf7445e82befe58513a231cd8a94bde793ef988cf2feac0 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-7.5.15-4.el8.src.rpm | 089e752bd79d2eeaecf7445e82befe58513a231cd8a94bde793ef988cf2feac0 | - | ol8_x86_64_appstream_developer |
| Oracle Linux 8 (x86_64) | grafana-7.5.15-4.el8.x86_64.rpm | 961cf7e1dfab2bf18ed346740fdbf231cd137b4542fba0749fe1063f3f6f09c8 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | grafana-7.5.15-4.el8.x86_64.rpm | 961cf7e1dfab2bf18ed346740fdbf231cd137b4542fba0749fe1063f3f6f09c8 | - | ol8_x86_64_appstream_developer |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.
