grafana-selinux-9.2.10-14.el9 RPM for aarch64

From CentOS Stream 9 AppStream for aarch64

SELinux policy module supporting grafana

Provides

• grafana-selinux
• grafana-selinux(aarch-64)

Requires

• /bin/sh
• /bin/sh
• /sbin/fixfiles
• /sbin/fixfiles
• /sbin/restorecon
• /sbin/restorecon
• /sbin/service
• /usr/sbin/semanage
• /usr/sbin/semanage
• /usr/sbin/semodule
• /usr/sbin/semodule
• grafana = 9.2.10-14.el9
• grafana = 9.2.10-14.el9
• grafana = 9.2.10-14.el9
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• selinux-policy >= 38.1.29-1.el9
• selinux-policy-targeted

License

AGPL-3.0-only

Changelog

* Tue Dec 19 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-14
  - Fixes postgresql AVC denial
  - Related RHEL-7505
* Thu Dec 14 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-13
  - Resolves RHEL-19296
  - Fixes coredump issue introduced by selinux
  - Patches out call to panic when trying to walk "/" directory
* Thu Nov 30 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-12
  - Resolves RHEL-7505
  - Fixes additional selinux denials found when testing on certain architectures
* Tue Nov 21 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-11
  - Resolves RHEL-7505
  - Fixes selinux denials found when testing on certain architectures
* Wed Nov 15 2023 Sam Feifer <sfeifer@redhat.com> 9.2.10-10
  - Resolves RHEL-7505
  - Adds a selinux policy for grafana
  - Resolves RHEL-12666
  - fix CVE-2023-39325 CVE-2023-44487 rapid stream resets can cause excessive work
* Thu Jul 20 2023 Stan Cox <scox@redhat.com> 9.2.10-5
  - resolve CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth
* Thu Jun 08 2023 Stan Cox <scox@redhat.com> 9.2.10-3
  - bumps exporter-toolkit to v0.7.3, sanitize-url@npm to 6.0.2, skip problematic s390 tests, License AGPL-3.0-only.
* Mon May 15 2023 Stan Cox <scox@redhat.com> 9.2.10-2
  - Update to 9.2.10
* Thu May 04 2023 Stan Cox <scox@redhat.com> 9.2.10-1
  - Update to 9.2.10
* Tue Nov 01 2022 Stan Cox <scox@redhat.com> 9.0.9-2
  - resolve CVE-2022-39229 grafana: Using email as a username can prevent other users from signing in
  - resolve CVE-2022-2880 CVE-2022-41715 grafana: various flaws
* Wed Sep 21 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.9-1
  - update to 9.0.9 tagged upstream community sources, see CHANGELOG
  - resolve CVE-2022-35957 grafana: Escalation from admin to server admin when auth proxy is used (rhbz#2125530)
* Tue Sep 20 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-2
  - bump NVR
* Thu Sep 15 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 9.0.8-1
  - update to 9.0.8 tagged upstream community sources, see CHANGELOG
  - do not list /usr/share/grafana/conf twice
  - drop makefile in favor of create_bundles.sh script
  - sync provides/obsoletes with CentOS versions
  - drop husky patch
* Thu Aug 11 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-3
  - resolve CVE-2022-1962 golang: go/parser: stack exhaustion in all Parse* functions
  - resolve CVE-2022-1705 golang: net/http: improper sanitization of Transfer-Encoding header
  - resolve CVE-2022-32148 golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working
  - resolve CVE-2022-30631 golang: compress/gzip: stack exhaustion in Reader.Read
  - resolve CVE-2022-30630 golang: io/fs: stack exhaustion in Glob
  - resolve CVE-2022-30632 golang: path/filepath: stack exhaustion in Glob
  - resolve CVE-2022-30635 golang: encoding/gob: stack exhaustion in Decoder.Decode
  - resolve CVE-2022-28131 golang: encoding/xml: stack exhaustion in Decoder.Skip
  - resolve CVE-2022-30633 golang: encoding/xml: stack exhaustion in Unmarshal
* Tue Jul 26 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-2
  - resolve CVE-2022-31107 grafana: OAuth account takeover
* Fri Apr 22 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.15-1
  - update to 7.5.15 tagged upstream community sources, see CHANGELOG
  - resolve CVE-2022-21673 grafana: Forward OAuth Identity Token can allow users to access some data sources
  - resolve CVE-2022-21702 grafana: XSS vulnerability in data source handling
  - resolve CVE-2022-21703 grafana: CSRF vulnerability can lead to privilege escalation
  - resolve CVE-2022-21713 grafana: IDOR vulnerability can lead to information disclosure
  - resolve CVE-2021-23648 sanitize-url: XSS
  - resolve CVE-2022-21698 prometheus/client_golang: Denial of service using InstrumentHandlerCounter
  - declare Node.js dependencies of subpackages
  - make vendor and webpack tarballs reproducible
* Tue Jan 18 2022 Andreas Gerstmayr <agerstmayr@redhat.com> 7.5.11-3
  - use HMAC-SHA-256 instead of SHA-1 to generate password reset tokens
  - update FIPS tests in check phase

Files

/usr/share/doc/grafana-selinux
/usr/share/doc/grafana-selinux/grafana.fc
/usr/share/doc/grafana-selinux/grafana.if
/usr/share/doc/grafana-selinux/grafana.pp.mls
/usr/share/doc/grafana-selinux/grafana.pp.targeted
/usr/share/doc/grafana-selinux/grafana.te
/usr/share/selinux/mls/grafana.pp
/usr/share/selinux/targeted/grafana.pp

Generated by rpm2html 1.8.1

Fabrice Bellet, Tue Apr 30 03:38:12 2024