grafana-9.2.10-26.el8_10

エラータID: AXSA:2025-11628:15

リリース日: 
2025/12/26 Friday - 11:29
題名: 
grafana-9.2.10-26.el8_10
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
Moderate
Description: 

Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* golang: archive/tar: Unbounded allocation when parsing GNU sparse map (CVE-2025-58183)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-58183
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.

解決策: 

Update packages.

CVE: 
CVE-2025-58183
tar.Reader does not set a maximum size on the number of sparse region data blocks in GNU tar pax 1.0 sparse files. A maliciously-crafted archive containing a large number of sparse regions can cause a Reader to read an unbounded amount of data from the archive into memory. When reading from a compressed source, a small compressed input can result in large allocations.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. grafana-9.2.10-26.el8_10.src.rpm
    MD5: b54d4507a033df5fdb7e8b3e05422f82
    SHA-256: a0619544d998b7f9d82e8646a81afb35ec603f8a32c5f777809683a23ef3f886
    Size: 327.50 MB

Asianux Server 8 for x86_64
  1. grafana-9.2.10-26.el8_10.x86_64.rpm
    MD5: 16fff0177c50054c8b8ef7d83e08e9c8
    SHA-256: 8b89286248784f0328e7a18da4167488d117b56eb497a9f2b3841663389a6415
    Size: 77.06 MB
  2. grafana-selinux-9.2.10-26.el8_10.x86_64.rpm
    MD5: d5caf5c5c030f0b110ac3ffe8a3ed3c4
    SHA-256: 2e087026247bbb9f6c44214e6b64e1e751f414b535151e56d0124a78e2aa6628
    Size: 35.14 kB