SUSE-SU-2022:1531-1

Source: https://www.suse.com/support/update/announcement/2022/suse-su-20221531-1/
Import Source: https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1531-1.json
JSON Data: https://api.osv.dev/v1/vulns/SUSE-SU-2022:1531-1
Published: 2022-05-04T13:32:03Z
Modified: 2022-05-04T13:32:03Z
Summary: Security Beta update for SUSE Manager Client Tools
Details

This update fixes the following issues:

golang-github-prometheus-alertmanager:

  • CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
  • Update to version 0.23.0:
    • amtool: Detect version drift and warn users (#2672)
    • Add ability to skip TLS verification for amtool (#2663)
    • Fix empty isEqual in amtool. (#2668)
    • Fix main tests (#2670)
    • cli: add new template render command (#2538)
    • OpsGenie: refer to alert instead of incident (#2609)
    • Docs: targetmatch and sourcematch are DEPRECATED (#2665)
    • Fix test not waiting for cluster member to be ready
  • Added hardening to systemd service(s) (bsc#1181400). Modified: prometheus-alertmanager.service

golang-github-prometheus-node_exporter:

  • CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
  • Update to 1.3.0
    • [CHANGE] Add path label to rapl collector #2146
    • [CHANGE] Exclude filesystems under /run/credentials #2157
    • [CHANGE] Add TCPTimeouts to netstat default filter #2189
    • [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
    • [FEATURE] Add darwin powersupply collector #1777
    • [FEATURE] Add support for monitoring GPUs on Linux #1998
    • [FEATURE] Add Darwin thermal collector #2032
    • [FEATURE] Add os release collector #2094
    • [FEATURE] Add netdev.address-info collector #2105
    • [FEATURE] Add clocksource metrics to time collector #2197
    • [ENHANCEMENT] Support glob textfile collector directories #1985
    • [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
    • [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
    • [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
    • [ENHANCEMENT] Add DMI collector #2131
    • [ENHANCEMENT] Add threads metrics to processes collector #2164
    • [ENHANCEMENT] Reduce timer GC delays in the Linux filesystem collector #2169
    • [ENHANCEMENT] Add TCPTimeouts to netstat default filter #2189
    • [ENHANCEMENT] Use SysctlTimeval for boottime collector on BSD #2208
    • [BUGFIX] ethtool: Sanitize metric names #2093
    • [BUGFIX] Fix ethtool collector for multiple interfaces #2126
    • [BUGFIX] Fix possible panic on macOS #2133
    • [BUGFIX] Collect flag_info and bug_info only for one core #2156
    • [BUGFIX] Prevent duplicate ethtool metric names #2187
  • Update to 1.2.2
    • Bug fixes:
      • Fix processes collector long int parsing #2112
  • Update to 1.2.1
    • Removed:
      • Remove obsolete capture permission denied error patch capture-permission-denied-error-energy_uj.patch: Already included upstream
    • Fix zoneinfo parsing prometheus/procfs#386
    • Fix nvme collector log noise #2091
    • Fix rapl collector log noise #2092
  • Update to 1.2.0
    • Changes:
      • Rename filesystem collector flags to match other collectors #2012
      • Make node_exporter print usage to STDOUT #203
    • Features:
      • Add conntrack statistics metrics #1155
      • Add ethtool stats collector #1832
      • Add flag to ignore network speed if it is unknown #1989
      • Add tapestats collector for Linux #2044
      • Add nvme collector #2062
    • Enhancements:
      • Add ErrorLog plumbing to promhttp #1887
      • Add more Infiniband counters #2019
      • netclass: retrieve interface names and filter before parsing #2033
      • Add time zone offset metric #2060
      • Handle errors from disabled PSI subsystem #1983
      • Fix panic when using backwards compatible flags #2000
      • Fix wrong value for OpenBSD memory buffer cache #2015
      • Only initiate collectors once #2048
      • Handle small backwards jumps in CPU idle #2067
  • Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)

golang-github-prometheus-prometheus:

  • Build firewalld-prometheus-config only for SUSE Linux Enterprise 15, 15.1 and 15.2, and require firewalld for it
  • Firewalld-prometheus-config needs to be a Recommends, not a Requires, as prometheus does not require it to run
  • Create firewalld-prometheus-config subpackage (bsc#1197042)
  • CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.12.1 (bsc#1196338)

golang-github-prometheus-promu:

  • Update to version 0.13.0:
    • Release 0.13.0 (jsc#SLE-24138, jsc#SLE-24139)
    • Add deprecation note to pkg directory
    • Add windows/arm64
    • Update common Prometheus files
    • Fix typo
    • Release 0.12.0
    • Simplify CGO crossbuilds
    • Update common Prometheus files
    • Release 0.11.1
    • Fix build with 'linux' platform
  • Update to 0.5.0
    • Features:
      • Add support for aix/ppc64. #151
      • Fallback to git describe output if no VERSION. #130
    • Enhancements:
      • cmd/release: add --timeout option. #142
      • cmd/release: create release in GitHub if none exists. #148
    • Bug Fixes:
      • cmd/tarball: restore --prefix flag. #133
      • cmd/release: don't leak credentials in case of error. #136

mgr-cfg:

  • Version 4.3.6-1
    • Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579)

mgr-osad:

  • Version 4.3.6-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

mgr-push:

  • Version 4.3.4-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

mgr-virtualization:

  • Version 4.3.5-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

rhnlib:

  • Version 4.3.4-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

salt:

  • Multiple security fixes (bsc#1197417)
    • CVE-2020-22935: Sign authentication replies to prevent MiTM.
    • CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
    • CVE-2022-22936: Prevent job and fileserver replays
    • CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.

spacecmd:

  • Version 4.3.10-1
    • parse boolean parameters correctly (bsc#1197689)
    • Add parameter to set containerized proxy SSH port

spacewalk-client-tools:

  • Version 4.3.9-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

spacewalk-koan:

  • Version 4.3.5-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

spacewalk-oscap:

  • Version 4.3.5-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

suseRegisterInfo:

  • Version 4.3.3-1
    • Fix the condition for preventing building python 2 subpackage for SLE15

uyuni-common-libs:

  • Version 4.3.4-1
    • implement more decompression algorithms for reposync (bsc#1196704)
References

Affected packages