[CLSA-2026:1780478536] grafana: Fix of CVE-2026-33378
Type:
security
Severity:
Low
Release date:
2026-06-03 09:22:41 UTC
Description:
- CVE-2026-33378: fix denial of service (OOM) from a non-positive fill interval reaching the SQL fill/resample loop, which then stepped backwards in time and never terminated, allocating rows until the server ran out of memory. The fix rejects interval <= 0 in the $__timeGroup / $__unixEpochGroup macros of the PostgreSQL, MySQL and MSSQL datasources, and additionally guards the shared resample call site (qm.Interval > 0), so a negative fillInterval supplied directly in the query JSON cannot reach the loop either.
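The failure mode and the guard described above, as an added Go example. This is not Grafana's or TuxCare's code: fillUnchecked, fillChecked, ErrBadInterval and the maxRows cap are hypothetical names introduced here, and timestamps are plain millisecond integers.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrBadInterval is a hypothetical error for an interval that cannot advance.
var ErrBadInterval = errors.New("fill interval must be greater than zero")

// fillUnchecked has the shape of a fill loop with no interval check.
// maxRows is a demo-only cap so the program terminates; without it, an
// interval <= 0 keeps ts <= to forever and the row count grows unbounded.
func fillUnchecked(from, to, intervalMs int64, maxRows int) (rows int, capped bool) {
	for ts := from; ts <= to; ts += intervalMs {
		if rows == maxRows {
			return rows, true // still short of `to`: the loop is not converging
		}
		rows++
	}
	return rows, false
}

// fillChecked rejects non-positive intervals before entering the loop,
// the same condition the advisory describes (interval > 0).
func fillChecked(from, to, intervalMs int64) ([]int64, error) {
	if intervalMs <= 0 {
		return nil, ErrBadInterval
	}
	var out []int64
	for ts := from; ts <= to; ts += intervalMs {
		out = append(out, ts)
	}
	return out, nil
}

func main() {
	// Constructed sample range: 0..3000 ms.
	for _, iv := range []int64{1000, 0, -1000} {
		rows, capped := fillUnchecked(0, 3000, iv, 10000)
		_, err := fillChecked(0, 3000, iv)
		fmt.Printf("interval=%d unchecked rows=%d capped=%v checked err=%v\n",
			iv, rows, capped, err)
	}
}
```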
CVEs fixed:
Updated packages:
  • grafana-10.2.6-15.el9_6.tuxcare.els9.x86_64.rpm
    sha:633dab376c65c19b904ffc2aa290200a50aaac8f78a9007fbe220ad2b34fb967
  • grafana-selinux-10.2.6-15.el9_6.tuxcare.els9.x86_64.rpm
    sha:6884f5a5d722b5434c463b88e817df77aed9e49eee6c2c8578867983697a0622
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.