ELSA-2023-2784 - grafana security update
| Type: | SECURITY |
| Severity: | MODERATE |
| Release Date: | 2023-05-24 |
Description
[7.5.15-4]
- resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in
- resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- run integration tests in check phase
- update FIPS patch with latest changes in Go packaging
Related CVEs
Updated Packages
| Release/Architecture | Filename | MD5sum | Superseded By Advisory |
|
| Oracle Linux 8 (aarch64) | grafana-7.5.15-4.el8.src.rpm | 8f07af9995ef7ccc888cda9c101ee6f6 | - |
| grafana-7.5.15-4.el8.aarch64.rpm | 81617741b0de13ab8be91afc1074df8e | - |
|
| Oracle Linux 8 (x86_64) | grafana-7.5.15-4.el8.src.rpm | 8f07af9995ef7ccc888cda9c101ee6f6 | - |
| grafana-7.5.15-4.el8.x86_64.rpm | 094f8a493e1ffdfa34bd42c3085f890b | - |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
