Security News

Cybersecurity news aggregator

🔄
HIGH Updates Red Hat Errata

RHSA-2026:19136: Important: grafana-pcp security update

cve-2026-32282red-hatcve-2026-32283
This Red Hat security update addresses two vulnerabilities in the grafana-pcp plugin, which stem from its embedded Go runtime. CVE-2026-32282 (CVSS 6.4) is a medium-severity flaw where `Root.Chmod` can follow symlinks outside the root, while CVE-2026-32283 (CVSS 7.5) is a high-severity denial-of-service vulnerability triggered by multiple TLS 1.3 key update messages. The affected versions are those containing Go versions earlier than 1.25.9 or from 1.26.0 up to but excluding 1.26.2, requiring an update to the patched grafana-pcp package provided by Red Hat.
Read Full Article →

Red Hat Product Errata RHSA-2026:19136 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19136 - Security Advisory Overview Updated Packages Synopsis Important: grafana-pcp security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for grafana-pcp is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The Grafana plugin for Performance Co-Pilot includes datasources for scalable time series from pmseries and Redis, live PCP metrics and bpftrace scripts from pmdabpftrace, as well as several dashboards. Security Fix(es): golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root (CVE-2026-32282) crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages (CVE-2026-32283) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2456336 - CVE-2026-32282 golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root BZ - 2456338 - CVE-2026-32283 crypto/tls: golang: Go crypto/tls: Denial of Service via multiple TLS 1.3 key update messages CVEs CVE-2026-32282 CVE-2026-32283 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf x86_64 grafana-pcp-5.3.0-5.el10_2.x86_64.rpm SHA-256: 622ef3084ff2c8c2d5f3639de0e8d27fbf9122664d82c6ef72a11c2ab37b3b03 grafana-pcp-debuginfo-5.3.0-5.el10_2.x86_64.rpm SHA-256: 8577bd9e80292f6d892ee36bf1a7b976c441071b4eddbbba399a8a367281b62d grafana-pcp-debugsource-5.3.0-5.el10_2.x86_64.rpm SHA-256: c08c0d0f1496ff33a8bd7b20e29d5ff829bab0e7678a19c5d70de766dd57eb8f Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf x86_64 grafana-pcp-5.3.0-5.el10_2.x86_64.rpm SHA-256: 622ef3084ff2c8c2d5f3639de0e8d27fbf9122664d82c6ef72a11c2ab37b3b03 grafana-pcp-debuginfo-5.3.0-5.el10_2.x86_64.rpm SHA-256: 8577bd9e80292f6d892ee36bf1a7b976c441071b4eddbbba399a8a367281b62d grafana-pcp-debugsource-5.3.0-5.el10_2.x86_64.rpm SHA-256: c08c0d0f1496ff33a8bd7b20e29d5ff829bab0e7678a19c5d70de766dd57eb8f Red Hat Enterprise Linux for IBM z Systems 10 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf s390x grafana-pcp-5.3.0-5.el10_2.s390x.rpm SHA-256: 439b15bd34b5dfb047b26b1398febd238b0bcf43173eee7d6fa9e4d033ee9ad8 grafana-pcp-debuginfo-5.3.0-5.el10_2.s390x.rpm SHA-256: 3056cfecbf7cf93cb11167b460c3ddc04831f299552b0036902294b13b0e0458 grafana-pcp-debugsource-5.3.0-5.el10_2.s390x.rpm SHA-256: 5dace53f57f7bd74abb43a7273b98eccfb7eadb4f6af568659a1e2dce0a5e0d0 Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf s390x grafana-pcp-5.3.0-5.el10_2.s390x.rpm SHA-256: 439b15bd34b5dfb047b26b1398febd238b0bcf43173eee7d6fa9e4d033ee9ad8 grafana-pcp-debuginfo-5.3.0-5.el10_2.s390x.rpm SHA-256: 3056cfecbf7cf93cb11167b460c3ddc04831f299552b0036902294b13b0e0458 grafana-pcp-debugsource-5.3.0-5.el10_2.s390x.rpm SHA-256: 5dace53f57f7bd74abb43a7273b98eccfb7eadb4f6af568659a1e2dce0a5e0d0 Red Hat Enterprise Linux for Power, little endian 10 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf ppc64le grafana-pcp-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 18d38cc7eff151d6c86be80fe894cd62308e4d9193d2b38771f8b1cd3736ecc5 grafana-pcp-debuginfo-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 08aa6c65428d0db82667cb99ba83e1252c1150baeb82f3c5d390f6ffd0bfd4a7 grafana-pcp-debugsource-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 6b75c85958d488c1999c367427a04f44b6adb8640771e9fd9d52ddd35b6e003a Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf ppc64le grafana-pcp-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 18d38cc7eff151d6c86be80fe894cd62308e4d9193d2b38771f8b1cd3736ecc5 grafana-pcp-debuginfo-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 08aa6c65428d0db82667cb99ba83e1252c1150baeb82f3c5d390f6ffd0bfd4a7 grafana-pcp-debugsource-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 6b75c85958d488c1999c367427a04f44b6adb8640771e9fd9d52ddd35b6e003a Red Hat Enterprise Linux for ARM 64 10 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf aarch64 grafana-pcp-5.3.0-5.el10_2.aarch64.rpm SHA-256: 0deab262d013425afdf869e5efd0844172e88c55a27e6ff21c167b129d897107 grafana-pcp-debuginfo-5.3.0-5.el10_2.aarch64.rpm SHA-256: 0af4a13c554f85813b0a130de322b229f2652a3c79ced7247af012da23128418 grafana-pcp-debugsource-5.3.0-5.el10_2.aarch64.rpm SHA-256: 4aad977cf6e7f71214f3457b2ad86bd7936db588197802ce1d95bb8b63211ded Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf aarch64 grafana-pcp-5.3.0-5.el10_2.aarch64.rpm SHA-256: 0deab262d013425afdf869e5efd0844172e88c55a27e6ff21c167b129d897107 grafana-pcp-debuginfo-5.3.0-5.el10_2.aarch64.rpm SHA-256: 0af4a13c554f85813b0a130de322b229f2652a3c79ced7247af012da23128418 grafana-pcp-debugsource-5.3.0-5.el10_2.aarch64.rpm SHA-256: 4aad977cf6e7f71214f3457b2ad86bd7936db588197802ce1d95bb8b63211ded Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf aarch64 grafana-pcp-5.3.0-5.el10_2.aarch64.rpm SHA-256: 0deab262d013425afdf869e5efd0844172e88c55a27e6ff21c167b129d897107 grafana-pcp-debuginfo-5.3.0-5.el10_2.aarch64.rpm SHA-256: 0af4a13c554f85813b0a130de322b229f2652a3c79ced7247af012da23128418 grafana-pcp-debugsource-5.3.0-5.el10_2.aarch64.rpm SHA-256: 4aad977cf6e7f71214f3457b2ad86bd7936db588197802ce1d95bb8b63211ded Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf s390x grafana-pcp-5.3.0-5.el10_2.s390x.rpm SHA-256: 439b15bd34b5dfb047b26b1398febd238b0bcf43173eee7d6fa9e4d033ee9ad8 grafana-pcp-debuginfo-5.3.0-5.el10_2.s390x.rpm SHA-256: 3056cfecbf7cf93cb11167b460c3ddc04831f299552b0036902294b13b0e0458 grafana-pcp-debugsource-5.3.0-5.el10_2.s390x.rpm SHA-256: 5dace53f57f7bd74abb43a7273b98eccfb7eadb4f6af568659a1e2dce0a5e0d0 Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf ppc64le grafana-pcp-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 18d38cc7eff151d6c86be80fe894cd62308e4d9193d2b38771f8b1cd3736ecc5 grafana-pcp-debuginfo-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 08aa6c65428d0db82667cb99ba83e1252c1150baeb82f3c5d390f6ffd0bfd4a7 grafana-pcp-debugsource-5.3.0-5.el10_2.ppc64le.rpm SHA-256: 6b75c85958d488c1999c367427a04f44b6adb8640771e9fd9d52ddd35b6e003a Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf x86_64 grafana-pcp-5.3.0-5.el10_2.x86_64.rpm SHA-256: 622ef3084ff2c8c2d5f3639de0e8d27fbf9122664d82c6ef72a11c2ab37b3b03 grafana-pcp-debuginfo-5.3.0-5.el10_2.x86_64.rpm SHA-256: 8577bd9e80292f6d892ee36bf1a7b976c441071b4eddbbba399a8a367281b62d grafana-pcp-debugsource-5.3.0-5.el10_2.x86_64.rpm SHA-256: c08c0d0f1496ff33a8bd7b20e29d5ff829bab0e7678a19c5d70de766dd57eb8f Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 SRPM grafana-pcp-5.3.0-5.el10_2.src.rpm SHA-256: 33bf018c98d9dc7e40cf29ce6678837d9f9f1f3cedc9d7fb140db213671feccf x86_64 grafana-pcp-5.3.0-5.el10_2.x86_64.rpm SHA-256: 622ef3084ff2c8c2d5f3639de0e8d27fbf9122664d82c6ef72a11c2ab37b3b03 grafana-pcp-debuginfo-5.3.0-5.el10_2.x86_64.rpm SHA-256: 8577bd9e80292f6d892ee36bf1a7b976c441071b4eddbbba399a8a

Related Articles

INFO RHSA-2026:15980: Important: rhc security update Red Hat Errata HIGH RHSA-2026:16875: Important: git-lfs security update Red Hat Errata HIGH RHSA-2026:19139: Important: go-fdo-client security update Red Hat Errata HIGH RHSA-2026:19135: Important: opentelemetry-collector security update Red Hat Errata
Read Full Article → ← Back to News

Share this article

Twitter Facebook LinkedIn