grafana-9.2.10-27.el8_10

エラータID: AXSA:2026-107:02

Release date: 
Friday, January 30, 2026 - 22:03
Subject: 
grafana-9.2.10-27.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-61729
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Solution: 

Update packages.

CVEs: 
CVE-2025-61729
Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.
Additional Info: 

N/A

Download: 

SRPMS
  1. grafana-9.2.10-27.el8_10.src.rpm
    MD5: bb59697e465b3979079dae8489255349
    SHA-256: 892cef2ce83f34927bed62f9736a8aa5583a7e83ee1731073be57a41566ff905
    Size: 327.50 MB

Asianux Server 8 for x86_64
  1. grafana-9.2.10-27.el8_10.x86_64.rpm
    MD5: 0ce6af19e53cde7ec393ec55abb903f1
    SHA-256: a408355258ca4b6cdb7d13b2059c22d3e56f49196fdf5058986b2b8ddb1b14f2
    Size: 77.06 MB
  2. grafana-selinux-9.2.10-27.el8_10.x86_64.rpm
    MD5: 714ab1d666c798ad121af221c0bf684a
    SHA-256: fc4177e88dbe4d850500194e84a6c8f0abee974d9c17d1cc147864114b3b7cf0
    Size: 35.23 kB