grafana-10.2.6-11.el9_6

エラータID: AXSA:2025-10478:10

Release date: 
Tuesday, July 15, 2025 - 17:36
Subject: 
grafana-10.2.6-11.el9_6
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Grafana is an open source, feature rich metrics dashboard and graph editor for
Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

golang-jwt/jwt: jwt-go allows excessive memory allocation during header
parsing (CVE-2025-30204)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE(s):
CVE-2025-30204

Solution: 

Update packages.

CVEs: 
CVE-2025-30204
golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.
Additional Info: 

N/A

Download: 

SRPMS
  1. grafana-10.2.6-11.el9_6.src.rpm
    MD5: 0c1396e1acb93fbe0a7dab8aea917150
    SHA-256: 753f4ab82a6b30b2e03610e470b184ac521542fb8fa86caa2e92b14b7965ef2c
    Size: 335.91 MB

Asianux Server 9 for x86_64
  1. grafana-10.2.6-11.el9_6.x86_64.rpm
    MD5: 7ab5225d0fecfb37344f294487abad99
    SHA-256: f6f9c6b901048901fea17cf5bcab5efea4703778d6e3f82cac676a8b01f11105
    Size: 112.21 MB
  2. grafana-selinux-10.2.6-11.el9_6.x86_64.rpm
    MD5: aeab8b880638232f4720c6825a22ffab
    SHA-256: 881417032bb92470a515b3d75d13472cd62ffd7d9c34b6b8b2b123f7f6ab91ac
    Size: 25.17 kB