[ELSA-2023-2167] grafana security and enhancement update

Severity: Moderate
Affected Packages: 1
CVEs: 5

[9.0.9-2]
- resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
- resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws

[9.0.9-1]
- update to 9.0.9 tagged upstream community sources, see CHANGELOG
- resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)

[9.0.8-2]
- bump NVR

[9.0.8-1]
- update to 9.0.8 tagged upstream community sources, see CHANGELOG
- do not list /usr/share/grafana/conf twice
- drop makefile in favor of create_bundles.sh script
- sync provides/obsoletes with CentOS versions
- drop husky patch

Package: pkg:rpm/oraclelinux/grafana?distro=oraclelinux-9
Affected Version: < 9.0.9-2.el9
ID: ELSA-2023-2167
Severity: moderate
URL: https://linux.oracle.com/errata/ELSA-2023-2167.html
Published: 2023-05-15T00:00:00
Modified: 2023-05-15T00:00:00
Rights: Copyright 2023 Oracle, Inc.
Type: Affected
Package URL: pkg:rpm/oraclelinux/grafana?distro=oraclelinux-9
Namespace: oraclelinux
Name / Product: grafana
Version: < 9.0.9-2.el9
Distribution / Platform: oraclelinux-9