[RLSA-2022:8250] grafana-pcp security update

Severity Moderate

Affected Packages 2

CVEs 6

An update is available for grafana-pcp. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards.

Security Fix(es):

golang: net/http: improper sanitization of Transfer-Encoding header (CVE-2022-1705)
golang: io/fs: stack exhaustion in Glob (CVE-2022-30630)
golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)
golang: path/filepath: stack exhaustion in Glob (CVE-2022-30632)
golang: encoding/gob: stack exhaustion in Decoder.Decode (CVE-2022-30635)
golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (CVE-2022-32148)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.1 Release Notes linked from the References section.

Package	Affected Version
pkg:rpm/rockylinux/grafana-pcp?arch=x86_64&distro=rockylinux-9	< 3.2.0-3.el9
pkg:rpm/rockylinux/grafana-pcp?arch=aarch64&distro=rockylinux-9	< 3.2.0-3.el9

ID

RLSA-2022:8250

Severity

moderate

URL

https://errata.rockylinux.org/RLSA-2022:8250

Published

2022-11-15T06:19:30
(22 months ago)

Modified

2023-02-02T14:08:36
(19 months ago)

Rights

Other Advisories

Source	# ID	URL
CVE	CVE-2022-1705	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1705
CVE	CVE-2022-30630	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30630
CVE	CVE-2022-30631	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631
CVE	CVE-2022-30632	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632
CVE	CVE-2022-30635	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635
CVE	CVE-2022-32148	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148
Bugzilla	2107342	https://bugzilla.redhat.com/show_bug.cgi?id=2107342
Bugzilla	2107371	https://bugzilla.redhat.com/show_bug.cgi?id=2107371
Bugzilla	2107374	https://bugzilla.redhat.com/show_bug.cgi?id=2107374
Bugzilla	2107383	https://bugzilla.redhat.com/show_bug.cgi?id=2107383
Bugzilla	2107386	https://bugzilla.redhat.com/show_bug.cgi?id=2107386
Bugzilla	2107388	https://bugzilla.redhat.com/show_bug.cgi?id=2107388
Self	RLSA-2022:8250	https://errata.rockylinux.org/RLSA-2022:8250

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch	Patch / Fix
Affected	pkg:rpm/rockylinux/grafana-pcp?arch=x86_64&distro=rockylinux-9	rockylinux	grafana-pcp	< 3.2.0-3.el9	rockylinux-9	x86_64
Affected	pkg:rpm/rockylinux/grafana-pcp?arch=aarch64&distro=rockylinux-9	rockylinux	grafana-pcp	< 3.2.0-3.el9	rockylinux-9	aarch64

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date