grafana-9.2.10-19.el9_4
Errata ID: AXSA:2024-8957:17
Grafana is an open source, feature-rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.
Security Fix(es):
* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2024-47875
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mXSS. This vulnerability is fixed in 2.5.0 and 3.1.3.
CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed HMAC sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.
Update packages.
N/A
SRPMS
- grafana-9.2.10-19.el9_4.src.rpm
MD5: fda2fb54ced7135fc8e24aa811286537
SHA-256: d033e4d6b16f0056ff6a8825d9d052dfbf56ced773728c3ad106478ad7b66ba3
Size: 321.49 MB
Asianux Server 9 for x86_64
- grafana-9.2.10-19.el9_4.x86_64.rpm
MD5: 0ba6858e0f3a0a99c2cd2f317facce00
SHA-256: 88a9f92f7a9ffc11f7406b44e7344b9565fcf79c429c45bb903aeec92b8fffe4
Size: 73.76 MB
- grafana-selinux-9.2.10-19.el9_4.x86_64.rpm
MD5: 5a7a0772a611abba88076a17f90e4c44
SHA-256: a9390e216c447c9af524d566aa4ce3d5966c0ac9d003be9f2a4d59f8d9731b76
Size: 24.82 kB