grafana-9.2.10-19.el9_4

Errata ID: AXSA:2024-8957:17

Release date: Tuesday, November 5, 2024 - 18:15
Subject: grafana-9.2.10-19.el9_4
Affected Channels: MIRACLE LINUX 9 for x86_64
Severity: High
Description: 

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* golang-fips: Golang FIPS zeroed buffer (CVE-2024-9355)
* dompurify: nesting-based mutation XSS vulnerability (CVE-2024-47875)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-47875
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify was vulnerable to nesting-based mutation XSS (mXSS). This vulnerability is fixed in 2.5.0 and 3.1.3.
CVE-2024-9355
A vulnerability was found in Golang FIPS OpenSSL. This flaw allows a malicious user to randomly cause an uninitialized buffer length variable with a zeroed buffer to be returned in FIPS mode. It may also be possible to force a false positive match between non-equal hashes when comparing a trusted computed HMAC sum to an untrusted input sum if an attacker can send a zeroed buffer in place of a pre-computed sum. It is also possible to force a derived key to be all zeros instead of an unpredictable value. This may have follow-on implications for the Go TLS stack.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. grafana-9.2.10-19.el9_4.src.rpm
    MD5: fda2fb54ced7135fc8e24aa811286537
    SHA-256: d033e4d6b16f0056ff6a8825d9d052dfbf56ced773728c3ad106478ad7b66ba3
    Size: 321.49 MB

Asianux Server 9 for x86_64
  1. grafana-9.2.10-19.el9_4.x86_64.rpm
    MD5: 0ba6858e0f3a0a99c2cd2f317facce00
    SHA-256: 88a9f92f7a9ffc11f7406b44e7344b9565fcf79c429c45bb903aeec92b8fffe4
    Size: 73.76 MB
  2. grafana-selinux-9.2.10-19.el9_4.x86_64.rpm
    MD5: 5a7a0772a611abba88076a17f90e4c44
    SHA-256: a9390e216c447c9af524d566aa4ce3d5966c0ac9d003be9f2a4d59f8d9731b76
    Size: 24.82 kB