grafana-9.2.10-30.el8_10
Errata ID: AXSA:2026-603:15
Release date:
2026/05/12 Tuesday - 14:24
Title:
grafana-9.2.10-30.el8_10
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The Golang crypto/x509 and crypto/tls libraries do not limit
resource usage during certificate chain building, which allows a
remote attacker to cause a denial of service (resource exhaustion).
(CVE-2026-32280)
- The Root.Chmod() function in the Golang os package can operate on
the file that a symbolic link points to, which allows a local
attacker to make unauthorized permission changes on the file system.
(CVE-2026-32282)
- The Golang crypto/tls package can deadlock in TLS 1.3
post-handshake processing, which allows a remote attacker to cause
a denial of service.
(CVE-2026-32283)
Solution:
Update the packages.
CVE:
CVE-2026-32280
During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.
CVE-2026-32282
On Linux, if the target of Root.Chmod is replaced with a symlink while the chmod operation is in progress, Chmod can operate on the target of the symlink, even when the target lies outside the root. The Linux fchmodat syscall silently ignores the AT_SYMLINK_NOFOLLOW flag, which Root.Chmod uses to avoid symlink traversal. Root.Chmod checks its target before acting and returns an error if the target is a symlink lying outside the root, so the impact is limited to cases where the target is replaced with a symlink between the check and operation.
CVE-2026-32283
If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
Additional information:
N/A
Downloads:
SRPMS
- grafana-9.2.10-30.el8_10.src.rpm
MD5: c71a0c158d5c6dd6111068824d61b06a
SHA-256: 1bf74c72cfe371a0d0be033a32bd02a95c535165fd1ea0c3a0a6d293e30e6ab6
Size: 327.50 MB
Asianux Server 8 for x86_64
- grafana-9.2.10-30.el8_10.x86_64.rpm
MD5: 177fef6d64a945b1c64fc51710be53d6
SHA-256: b14591b94406ce9cf9e1e088283c17e4df250801a79c9b181fd9955c61fdbc30
Size: 77.07 MB
- grafana-selinux-9.2.10-30.el8_10.x86_64.rpm
MD5: fa7dd06dfd5c7eba48507df41af9ef6c
SHA-256: 2ac53aa412f6abaff0d3caf41026a8dc58e748565aaaeabee34dac7946f01cc7
Size: 35.63 kB