-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: grafana security and enhancement update
Advisory ID:       RHSA-2023:2167-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:2167
Issue date:        2023-05-09
CVE Names:         CVE-2022-2880 CVE-2022-27664 CVE-2022-35957
                   CVE-2022-39229 CVE-2022-41715
====================================================================

1. Summary:

An update for grafana is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Grafana is an open source, feature rich metrics dashboard and graph editor
for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* golang: net/http/httputil: ReverseProxy should not forward unparseable
query parameters (CVE-2022-2880)

* golang: net/http: handle server errors after sending GOAWAY
(CVE-2022-27664)

* grafana: Escalation from admin to server admin when auth proxy is used
(CVE-2022-35957)

* grafana: using email as a username can block other users from signing in
(CVE-2022-39229)

* golang: regexp/syntax: limit memory used by parsing regexps
(CVE-2022-41715)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 9.2 Release Notes linked from the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2095421 - [RFE] grafana use systemd-sysusers
2124669 - CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
2125514 - CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used
2127218 - [RHEL9][FTBFS] grafana-9.0.8-1.el9 FTBFS on Red Hat Enterprise Linux 9 - 9.1
2131149 - CVE-2022-39229 grafana: using email as a username can block other users from signing in
2132868 - CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
2132872 - CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:
grafana-9.0.9-2.el9.src.rpm

aarch64:
grafana-9.0.9-2.el9.aarch64.rpm
grafana-debuginfo-9.0.9-2.el9.aarch64.rpm
grafana-debugsource-9.0.9-2.el9.aarch64.rpm

ppc64le:
grafana-9.0.9-2.el9.ppc64le.rpm
grafana-debuginfo-9.0.9-2.el9.ppc64le.rpm
grafana-debugsource-9.0.9-2.el9.ppc64le.rpm

s390x:
grafana-9.0.9-2.el9.s390x.rpm
grafana-debuginfo-9.0.9-2.el9.s390x.rpm
grafana-debugsource-9.0.9-2.el9.s390x.rpm

x86_64:
grafana-9.0.9-2.el9.x86_64.rpm
grafana-debuginfo-9.0.9-2.el9.x86_64.rpm
grafana-debugsource-9.0.9-2.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-2880
https://access.redhat.com/security/cve/CVE-2022-27664
https://access.redhat.com/security/cve/CVE-2022-35957
https://access.redhat.com/security/cve/CVE-2022-39229
https://access.redhat.com/security/cve/CVE-2022-41715
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.2_release_notes/index

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBZFo0OtzjgjWX9erEAQi5wg/+Naw+sewu3qSEpfke3GNvMoAA65fGWnjh
wlX06wlDVjaEbhytkDHs6hZwQgp86SQdlrfgCyXCgTY3hS5o6QSS8mehC2/t6/dS
9fh8VSmj9Xrv20fS/DwmvnFNjC+Zl8feDEnGAenOQLuV14FZVwb2SDKOzFSc8r5q
/BsQb1cNDGwFGJrrnfHuM8FXkNZMoIUttKLocjwhDmtkaD9PWxCFKAfepJVDtAGR
x/MTFYarz/8pWvY9qXNoiiYv//y9tc0oa0KV/yWAW5TMpJnlxiUV9d1XJtA6DpSo
hSdGo8fR9xsmdhGdorndtQrusXmwohVU3MI/L9L0Hcq7w+i68mBNh9FZt3KHnBAE
kSC+1af0fsdOTWCCjIW1B9PfPScxRw1mnUs+3E7XWmEBtuZ+vfWp2MV3XyB9SGu5
+MSryIVrgcyZpSG/1Z192J03R3ql0tumQsR6Er59x1uFP/wp5u3/qG78hb8E3mfn
nlGEKrYd8QR44CPazVIRKrGPEj5QICRafvT/8sIcYCjsUGp1IcfXTz0oHEFzaEIF
UlGqhrTK/U3YnchRdHKV2BhAz2meyuGgznlnr3IzOxahbzdFr4pPrH61E22lNkqg
2HNSSpcG/svIKgeIN8ChkN4S4ZUfLxj36Bsq//DLzmAeFtzZo/uUohacB488g4Nb
13bLH6cGT4c=
=JE9B
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
Oracle Linux Security Advisory ELSA-2022-5716

https://linux.oracle.com/errata/ELSA-2022-5716.html

The following updated rpms for Oracle Linux 9 have been uploaded to the
Unbreakable Linux Network:

x86_64:
grafana-7.5.11-5.el9_0.x86_64.rpm

aarch64:
grafana-7.5.11-5.el9_0.aarch64.rpm

SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates/grafana-7.5.11-5.el9_0.src.rpm

Related CVEs:

CVE-2022-31107

Description of changes:

[7.5.11-5]
- resolve CVE-2022-31107 grafana: OAuth account takeover

_______________________________________________
El-errata mailing list
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: grafana security update
Advisory ID:       RHSA-2021:3771-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2021:3771
Issue date:        2021-10-12
CVE Names:         CVE-2021-39226
====================================================================

1. Summary:

An update for grafana is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

Grafana is an open source, feature rich metrics dashboard and graph editor
for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* grafana: Snapshot authentication bypass (CVE-2021-39226)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2011063 - CVE-2021-39226 grafana: Snapshot authentication bypass

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
grafana-7.3.6-3.el8_4.src.rpm

aarch64:
grafana-7.3.6-3.el8_4.aarch64.rpm
grafana-debuginfo-7.3.6-3.el8_4.aarch64.rpm

ppc64le:
grafana-7.3.6-3.el8_4.ppc64le.rpm
grafana-debuginfo-7.3.6-3.el8_4.ppc64le.rpm

s390x:
grafana-7.3.6-3.el8_4.s390x.rpm
grafana-debuginfo-7.3.6-3.el8_4.s390x.rpm

x86_64:
grafana-7.3.6-3.el8_4.x86_64.rpm
grafana-debuginfo-7.3.6-3.el8_4.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-39226
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYWVpw9zjgjWX9erEAQildxAAmaVEFXdkzYomlLB0jP2tcA0wgItygxeE
4LSaK9PPixxQYF2L1olMNwRlQHc4+n9pzOfnhrSI0D/uEixIEj2WFaPC73EWLIqy
jtv9igQUZERTvTkJAxOv65ytMdmsOaFUI4XVwSssbgXFQV5AX4YueIkEdVKAbZdT
jNDJ26mr0FNapldr+8uHGZyhpE5JYs8W7ElHy7pFRC+dOYMzCE5GEzB1wYWVjON1
NVia6g/hx3EMnJPq0m/rJyMxxSl13yd0Qqy+LFeObkP3qGDuYC0uZ8bdJLhlYmmf
tRZLA2tx6Q7MRjh7eD77epULnad5KrYNaEbIxHIBL41jdI+4DQFUSHA9uKqSWIop
PVMwlKHxx8fRMjZCKOF5Mrx2qibrgeoGwroNJc3blQtzSj17+BqzT4IGbn5qS9OF
yXPl6s+Yzoihd+luhjXW0SckY1x9hYOfDlkRK8xdRmcjWbK0sGr3xY3SEAlJ9xUH
NsxBc9Ved1mQPqKw9LmGII+nxZQBovlojxzrS7bJzNVRXMrL33K+y+4Tlwsa3Fgg
Sf6B+7+en0fW/Kp3R0y1U9JzE0DK6r6hx5+IkISNqiMVqpj61XQsyvsJjm+t8gpX
UHmxcyNtnFyFY0gdJSHHKyErr4Dto6oRlqtOslGmeBecQqt01+Xex68BeMyBo88O
gyepC07N/Vo=
=iU5n
-----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

====================================================================
                   Red Hat Security Advisory

Synopsis:          Moderate: grafana security and bug fix update
Advisory ID:       RHSA-2019:0019-01
Product:           Red Hat Ceph Storage
Advisory URL:      https://access.redhat.com/errata/RHSA-2019:0019
Issue date:        2019-01-03
CVE Names:         CVE-2018-15727
====================================================================

1. Summary:

The updated grafana package is now available for Red Hat Ceph Storage 3.2.

Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Ceph Storage 3.2 Tools - x86_64

3. Description:

The grafana package provides the Grafana metrics dashboard and graph editor.

Security Fix(es):

* grafana: authentication bypass knowing only a username of an LDAP or
OAuth user (CVE-2018-15727)

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Bug Fix(es):

* The grafana package has been upgraded to upstream version 5.2.4, which
includes a number of bug fixes (BZ#1647494)

* Shrinking the cluster size no longer causes the Red Hat Ceph Storage
Dashboard to display the error message Templating init failed (BZ#1653273)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

1624088 - CVE-2018-15727 grafana: authentication bypass knowing only a username of an LDAP or OAuth user
1633825 - Add ceph FS support in ceph metrics
1647494 - Update grafana to latest for security fixes
1647496 - Remove golang dependency from grafana
1652427 - [ceph-metrics]Change password is not working
1653273 - Metrics dashboard is throwing "Templating init failed" error after rerunning metrics playbook

6. Package List:

Red Hat Ceph Storage 3.2 Tools:

Source:
grafana-5.2.4-1.el7cp.src.rpm

x86_64:
grafana-5.2.4-1.el7cp.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2018-15727
https://access.redhat.com/security/updates/classification/#moderate

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBXC5KJdzjgjWX9erEAQgxMxAAiFfYtrxvJlnPJiTV9TeKNe+Mf20OVHJJ
4v8RwDawhocT+U6qmvAyATlLIi38mrBT2JX9K+RQVXOCR+lr/0umkyU9qVizSoCQ
9zlKBfdCdw0Ot4zcRYO+pHw9eOjL1JzsxGBAPuU6i9qkN0SBi/BkxT/tXJ0vlqjR
N9p6nYfyoA7UDmfLtppGfqu87lZkLXYKICf+2By6XJ48a510oOTRTxvxAQV+2cGn
3oXZroZk+MEgNFggz4Vq9tA2evpNzmOqicub2LBnruD2BKlp14kAbsHWtfVCbNXp
GeWwsFGfVleY4ww3v8pW357lWDVsMMtyHDgGxFQAv1e+aHE3aCDj3z+R4iwUczeM
DohgkyMz5oyfiIJCigV9mzyYAlPN/JCJJyxJlp0/2hOR2lyWeeoGych5Ih3NnBkV
tlS5RdHNQfNKgoYX+xNoyT//A4SctpcknLZckN8TgNCAk4sjoN9b2jyGObB1xXaZ
O5m3dF7zgWZO92T4SchklueiVk1Wj1GcMxb9dTApQrTBLPVwkOJpOoRD2goXkAhE
S3SYYRU1KdJjO6lpG55oR52P42v7HG8b26KNwiqBBMtTaMepjQ8LUcG8d56e8yV2
nQhqlxDMuBgEacr5awuXy4iHmlTyNx06CqlHMLpBoz/UCqULK1A9F8HeBr/Orpm6
tvGLVZbg0yo=
=hmTs
-----END PGP SIGNATURE-----