grafana security update

🗓️ 10 May 2024 14:32:42Reported by Rockylinux Product ErrataType

Grafana security update affecting Rocky Linux 9. Update includes fixes for memory leaks and authorization bypass vulnerabilities

Reporter	Title	Published	Views	Family All 416
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js, Golang Go, HTTP/2, NGINX, OpenSSH, Linux kernel might affect IBM Spectrum Protect Plus	4 Feb 202518:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Ceph is vulnerable to Authorization Bypass in Grafana (CVE-2024-1313)	29 Jul 202521:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to protobuf-go, libcurl, libexpat, Java SE, IBM GSKit-Crypto, open redirect, buffer overflow condition and golang-fips/openssl vulnerabilities.	30 Apr 202407:19	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Golang Affect IBM Cloud Pak System	4 Feb 202518:15	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go	5 Jun 202420:27	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson CP4D Data Stores is vulnerable to Golang golang-fips/openssl denial of service vulnerabilitiy( CVE-2024-1394 )	28 Jan 202522:08	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0082: go-toolset:an8 (ALINUX3-SA-2024:0082)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0096: grafana (ALINUX3-SA-2024:0096)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0113: grafana-pcp (ALINUX3-SA-2024:0113)	14 May 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0164: container-tools:rhel8 (ALINUX3-SA-2024:0164)	14 May 202500:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Rocky Linux	9	aarch64	grafana	0:9.2.10-16.el9_4	grafana-0:9.2.10-16.el9_4.aarch64.rpm
Rocky Linux	9	ppc64le	grafana	0:9.2.10-16.el9_4	grafana-0:9.2.10-16.el9_4.ppc64le.rpm
Rocky Linux	9	s390x	grafana	0:9.2.10-16.el9_4	grafana-0:9.2.10-16.el9_4.s390x.rpm
Rocky Linux	9	x86_64	grafana	0:9.2.10-16.el9_4	grafana-0:9.2.10-16.el9_4.x86_64.rpm
Rocky Linux	9	aarch64	grafana-debuginfo	0:9.2.10-16.el9_4	grafana-debuginfo-0:9.2.10-16.el9_4.aarch64.rpm
Rocky Linux	9	ppc64le	grafana-debuginfo	0:9.2.10-16.el9_4	grafana-debuginfo-0:9.2.10-16.el9_4.ppc64le.rpm
Rocky Linux	9	s390x	grafana-debuginfo	0:9.2.10-16.el9_4	grafana-debuginfo-0:9.2.10-16.el9_4.s390x.rpm
Rocky Linux	9	x86_64	grafana-debuginfo	0:9.2.10-16.el9_4	grafana-debuginfo-0:9.2.10-16.el9_4.x86_64.rpm
Rocky Linux	9	aarch64	grafana-debugsource	0:9.2.10-16.el9_4	grafana-debugsource-0:9.2.10-16.el9_4.aarch64.rpm
Rocky Linux	9	ppc64le	grafana-debugsource	0:9.2.10-16.el9_4	grafana-debugsource-0:9.2.10-16.el9_4.ppc64le.rpm

10 May 2024 14:32Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.01379

SSVC