SUSE-SU-2022:1531-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:1531-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2022:1531-1
- Related
- Published
- 2022-05-04T13:32:03Z
- Modified
- 2022-05-04T13:32:03Z
- Summary
- Security Beta update for SUSE Manager Client Tools
- Details
-
This update fixes the following issues:
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update to version 0.23.0:
- amtool: Detect version drift and warn users (#2672)
- Add ability to skip TLS verification for amtool (#2663)
- Fix empty isEqual in amtool. (#2668)
- Fix main tests (#2670)
- cli: add new template render command (#2538)
- OpsGenie: refer to alert instead of incident (#2609)
- Docs: targetmatch and sourcematch are DEPRECATED (#2665)
- Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400). Modified: prometheus-alertmanager.service
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
- [CHANGE] Add path label to rapl collector #2146
- [CHANGE] Exclude filesystems under /run/credentials #2157
- [CHANGE] Add TCPTimeouts to netstat default filter #2189
- [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
- [FEATURE] Add darwin powersupply collector #1777
- [FEATURE] Add support for monitoring GPUs on Linux #1998
- [FEATURE] Add Darwin thermal collector #2032
- [FEATURE] Add os release collector #2094
- [FEATURE] Add netdev.address-info collector #2105
- [FEATURE] Add clocksource metrics to time collector #2197
- [ENHANCEMENT] Support glob textfile collector directories #1985
- [ENHANCEMENT] ethtool: Expose nodeethtoolinfo metric #2080
- [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
- [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
- [ENHANCEMENT] Add DMI collector #2131
- [ENHANCEMENT] Add threads metrics to processes collector #2164
- [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169
- [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
- [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
- [BUGFIX] ethtool: Sanitize metric names #2093
- [BUGFIX] Fix ethtool collector for multiple interfaces #2126
- [BUGFIX] Fix possible panic on macOS #2133
- [BUGFIX] Collect flaginfo and buginfo only for one core #2156
- [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
- Bug fixes Fix processes collector long int parsing #2112
- Update to 1.2.1
- Removed Remove obsolete capture permission denied error patch capture-permission-denied-error-energy_uj.patch: Already included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092
- Update to 1.2.0
- Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203
- Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed if it is unknown #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062
- Enhancements Add ErrorLog plumbing to promhttp #1887 Add more Infiniband counters #2019 netclass: retrieve interface names and filter before parsing #2033 Add time zone offset metric #2060 Handle errors from disabled PSI subsystem #1983 Fix panic when using backwards compatible flags #2000 Fix wrong value for OpenBSD memory buffer cache #2015 Only initiate collectors once #2048 Handle small backwards jumps in CPU idle #2067
- Apply patch to capture permission denied error for 'energy_uj' file (bsc#1190535)
golang-github-prometheus-prometheus:
- Build firewalld-prometheus-config only for SUSE Linux Enterprise 15, 15.1 and 15.2, and require firewalld for it
- Firewalld-prometheus-config needs to be a Recommends, not a Requires, as prometheus does not require it to run
- Create firewalld-prometheus-config subpackage (bsc#1197042)
- CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.12.1 (bsc#1196338)
golang-github-prometheus-promu:
- Update to version 0.13.0:
- Release 0.13.0 (jsc#SLE-24138, jsc#SLE-24139)
- Add deprecation note to pkg directory
- Add windows/arm64
- Update common Prometheus files
- Fix typo
- Release 0.12.0
- Simplify CGO crossbuilds
- Update common Prometheus files
- Release 0.11.1
- Fix build with 'linux' platform
- Update to 0.5.0
- Features:
- Add support for aix/ppc64. #151
- Fallback to git describe output if no VERSION. #130
- Enhancements:
- cmd/release: add --timeout option. #142
- cmd/release: create release in GitHub if none exists. #148
- Bug Fixes:
- cmd/tarball: restore --prefix flag. #133
- cmd/release: don't leak credentials in case of error. #136
- Features:
mgr-cfg:
- Version 4.3.6-1
- Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579)
mgr-osad:
- Version 4.3.6-1
- Fix the condition for preventing building python 2 subpackage for SLE15
mgr-push:
- Version 4.3.4-1
- Fix the condition for preventing building python 2 subpackage for SLE15
mgr-virtualization:
- Version 4.3.5-1
- Fix the condition for preventing building python 2 subpackage for SLE15
rhnlib:
- Version 4.3.4-1
- Fix the condition for preventing building python 2 subpackage for SLE15
salt:
- Fix multiple security fixes (bsc#1197417)
- CVE-2020-22935: Sign authentication replies to prevent MiTM.
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
- CVE-2022-22936: Prevent job and fileserver replays
- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.
spacecmd:
- Version 4.3.10-1
- parse boolean paramaters correctly (bsc#1197689)
- Add parameter to set containerized proxy SSH port
spacewalk-client-tools:
- Version 4.3.9-1
- Fix the condition for preventing building python 2 subpackage for SLE15
spacewalk-koan:
- Version 4.3.5-1
- Fix the condition for preventing building python 2 subpackage for SLE15
spacewalk-oscap:
- Version 4.3.5-1
- Fix the condition for preventing building python 2 subpackage for SLE15
suseRegisterInfo:
- Version 4.3.3-1
- Fix the condition for preventing building python 2 subpackage for SLE15
uyuni-common-libs:
- Version 4.3.4-1
- implement more decompression algorithms for reposync (bsc#1196704)
- References
-
- https://www.suse.com/support/update/announcement/2022/suse-su-20221531-1/
- https://bugzilla.suse.com/1181400
- https://bugzilla.suse.com/1190535
- https://bugzilla.suse.com/1196338
- https://bugzilla.suse.com/1196704
- https://bugzilla.suse.com/1197042
- https://bugzilla.suse.com/1197417
- https://bugzilla.suse.com/1197579
- https://bugzilla.suse.com/1197689
- https://www.suse.com/security/cve/CVE-2020-22935
- https://www.suse.com/security/cve/CVE-2022-21698
- https://www.suse.com/security/cve/CVE-2022-22934
- https://www.suse.com/security/cve/CVE-2022-22936
- https://www.suse.com/security/cve/CVE-2022-22941