[ELSA-2023-2784] grafana security update

Severity Moderate
Affected Packages 1
CVEs 4

[7.5.15-4]
- resolve CVE-2022-39229 grafana: using email as a username can block other users from signing in
- resolve CVE-2022-27664 golang: net/http: handle server errors after sending GOAWAY
- resolve CVE-2022-41715 golang: regexp/syntax: limit memory used by parsing regexps
- resolve CVE-2022-2880 golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters
- run integration tests in check phase
- update FIPS patch with latest changes in Go packaging

Package | Affected Version
pkg:rpm/oraclelinux/grafana?distro=oraclelinux-8 | < 7.5.15-4.el8
ID ELSA-2023-2784
Severity moderate
URL https://linux.oracle.com/errata/ELSA-2023-2784.html
Published 2023-05-24T00:00:00
Modified 2023-05-24T00:00:00
Rights Copyright 2023 Oracle, Inc.
Other Advisories
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix
Affected | pkg:rpm/oraclelinux/grafana?distro=oraclelinux-8 | oraclelinux | grafana | < 7.5.15-4.el8 | oraclelinux-8 | |