RLSA-2024:6947

Security

Mirrored from RHSA-2024:6947

Issued at: 2024-09-30

Updated at: 2024-09-30

Synopsis

Important: grafana security update

Description

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion (CVE-2024-34156)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64

Rocky Linux 9 ppc64le

Rocky Linux 9 s390x

Rocky Linux 9 x86_64

Fixes

2310528

CVEs

CVE-2024-34156

Affected packages

Rocky Linux 9 aarch64 - AppStream

grafana-0:9.2.10-17.el9_4.aarch64.rpm

grafana-0:9.2.10-17.el9_4.src.rpm

grafana-debuginfo-0:9.2.10-17.el9_4.aarch64.rpm

grafana-debugsource-0:9.2.10-17.el9_4.aarch64.rpm

grafana-selinux-0:9.2.10-17.el9_4.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

grafana-0:9.2.10-17.el9_4.ppc64le.rpm

grafana-0:9.2.10-17.el9_4.src.rpm

grafana-debuginfo-0:9.2.10-17.el9_4.ppc64le.rpm

grafana-debugsource-0:9.2.10-17.el9_4.ppc64le.rpm

grafana-selinux-0:9.2.10-17.el9_4.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

grafana-0:9.2.10-17.el9_4.s390x.rpm

grafana-0:9.2.10-17.el9_4.src.rpm

grafana-debuginfo-0:9.2.10-17.el9_4.s390x.rpm

grafana-debugsource-0:9.2.10-17.el9_4.s390x.rpm

grafana-selinux-0:9.2.10-17.el9_4.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

grafana-0:9.2.10-17.el9_4.src.rpm

grafana-0:9.2.10-17.el9_4.x86_64.rpm

grafana-debuginfo-0:9.2.10-17.el9_4.x86_64.rpm

grafana-debugsource-0:9.2.10-17.el9_4.x86_64.rpm

grafana-selinux-0:9.2.10-17.el9_4.x86_64.rpm