grafana-9.2.10-31.el8_10

エラータID: AXSA:2026-1261:19

Release date: 
Wednesday, July 15, 2026 - 13:35
Subject: 
grafana-9.2.10-31.el8_10
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* golang.org/x/net/idna: golang: golang.org/x/net/idna: Privilege escalation via incorrect Punycode label processing (CVE-2026-39821)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-39821
The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com".

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. grafana-9.2.10-31.el8_10.src.rpm
    MD5: 643a98f92b6f87429e5c2fb37bdfa6f2
    SHA-256: 9f02c96f700a0e54aa7ebaf1613e85e8102e852dd2071c0bc6a41336b35811bb
    Size: 326.61 MB

Asianux Server 8 for x86_64
  1. grafana-9.2.10-31.el8_10.x86_64.rpm
    MD5: e6520e445e23bf0a68b5d47ee25fb931
    SHA-256: 2c190aed40f287c90f9afd007ea1a2903505c7c591761380e9ef85097a16ea5d
    Size: 77.13 MB
  2. grafana-selinux-9.2.10-31.el8_10.x86_64.rpm
    MD5: c47f1672170a3acf7ccafb572fa79f54
    SHA-256: a9a2f4edee40c9873f2acc0172b9652f3c1b5922008dfdafd1577ab84e55da0e
    Size: 35.71 kB