Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

SUSE: 2021:2664-1 Moderate: Golang-Github-Prometheus Security Risk

suse
Calendar Grey August 12, 2021
Dist Suse Esm H88
SUSE releases a security patch for golang-github-prometheus-alertmanager, tackling a moderate threat concern.
An update that fixes one vulnerability, contains one feature is now available

Summary

This update for golang-github-prometheus-prometheus fixes the following issues: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SLE15, SLE15 SP1, SLE15 SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) + Bugfix: * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) + Features: * Promtool: Retroactive rule evaluation functionality. #7675 * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649 * TSDB: Add a flag(--storage.tsdb.max-block-chunk-segment-size) to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. #8604 * AWS Lightsail Discovery: Add AWS Lightsail Discovery. #8693

References

#1186242 SLE-18254

Cross- CVE-2021-29622

CVSS scores:

CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

SUSE Enterprise Storage 6

https://www.suse.com/security/cve/CVE-2021-29622.html

https://bugzilla.suse.com/1186242

Announcement ID: SUSE-SU-2021:2664-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.