SUSE: 2022:0751-1 moderate: Security Beta SUSE Manager Client Tools
Summary
This security update fixes the following issues:
golang-github-prometheus-prometheus:
- Upgrade to upstream version 2.32.1 (jsc#SLE-22863)
+ Bugfixes:
* Scrape: Fix reporting metrics when sample limit is reached during
the report. #9996
* Scrape: Ensure that scrape interval and scrape timeout are always
set. #10023
* TSDB: Expose and fix bug in iterators' Seek() method. #10030
- Upgrade to upstream version 2.32.0
+ Change:
* remote-write: Change default max retry time from 100ms to 5 seconds.
#9634
+ Features:
* Agent: New mode of operation optimized for remote-write only
scenarios, without local storage.
* Promtool: Add promtool check service-discovery command. #8970
+ Enhancements:
* Promtool: Improve test output. #8064
* Promtool: Use kahan summation for better numerical stability.
* Remote-write: Reuse memory for marshalling. #9412
* Scrape: Add scrape_body_size_bytes scrape metric behind the
--enable-feature=extra-scrape-metrics flag. #9569
* TSDB: Add windows arm64 support. #9703
* TSDB: Optimize query by skipping unneeded sorting in TSDB.
* Templates: Support int and uint as datatypes for template
formatting. #9680
* UI: Prefer rate over rad, delta over deg, and count over cos in
autocomplete. #9688
* TSDB: Add more size checks when writing individual sections in the
index. #9710
* PromQL: Make deriv() return zero values for constant series.
* TSDB: Fix panic when checkpoint directory is empty. #9687
* TSDB: Fix panic, out of order chunks, and race warning during WAL
replay. #9856
* UI: Correctly render links for targets with IPv6 addresses that
contain a Zone ID. #9853
* Promtool: Fix checking of authorization.credentials_file and
bearer_token_file fields. #9883
* Uyuni SD: Fix null pointer exception during initialization.
* TSDB: Fix queries after a failed snapshot replay. #9980
- Upgrade to upstream version 2.31.1
+ Bugfix:
* SD: Fix a panic when the experimental discovery manager receives
targets during a reload. #9656
- Upgrade to upstream version 2.31.0
* UI: Remove standard PromQL editor in favour of the codemirror-based
editor. #9452
* PromQL: Add trigonometric functions and atan2 binary
operator. #9239 #9248 #9515
* Remote: Add support for exemplar in the remote write receiver
endpoint. #9319 #9414
* SD: Add PuppetDB service discovery. #8883
* SD: Add Uyuni service discovery. #8190
* Web: Add support for security-related HTTP headers. #9546
* Azure SD: Add proxy_url, follow_redirects, tls_config. #9267
* Backfill: Add --max-block-duration in promtool create-blocks-from
rules. #9511
* Config: Print human-readable sizes with unit instead of raw numbers.
#9361
* HTTP: Re-enable HTTP/2. #9398
* Kubernetes SD: Warn user if number of endpoints exceeds limit. #9467
* OAuth2: Add TLS configuration to token requests. #9550
* PromQL: Several optimizations. #9365 #9360 #9362 #9552
* PromQL: Make aggregations deterministic in instant queries.
* Rules: Add the ability to limit number of alerts or series.
* SD: Experimental discovery manager to avoid restarts upon reload.
* UI: Debounce timerange setting changes. #9359
* Backfill: Apply rule labels after query labels. #9421
* Scrape: Resolve conflicts between multiple exported label prefixes.
#9479 #9518
* Scrape: Restart scrape loops when __scrape_interval__ is changed.
#9551
* TSDB: Fix memory leak in samples deletion. #9151
* UI: Use consistent margin-bottom for all alert kinds. #9318
- Upgrade to upstream version 2.30.3
* TSDB: Fix panic on failed snapshot replay. #9438
* TSDB: Don't fail snapshot replay with exemplar storage disabled when
the snapshot contains exemplars. #9438
- Upgrade to upstream version 2.30.2
* TSDB: Don't error on overlapping m-mapped chunks during WAL replay.
#9381
- Upgrade to upstream version 2.30.1
* Remote Write: Redact remote write URL when used for metric label.
#9383
* UI: Redact remote write URL and proxy URL passwords in the /config
page. #9408
* promtool rules backfill: Prevent creation of data before the start
time. #9339
* promtool rules backfill: Do not query after the end time.
* Azure SD: Fix panic when no computername is set. #9387
- Upgrade to upstream version 2.30.0
* experimental TSDB: Snapshot in-memory chunks on shutdown for faster
restarts. #7229
* experimental Scrape: Configure scrape interval and scrape timeout
via relabeling using __scrape_interval__ and __scrape_timeout__
labels respectively. #8911
* Scrape: Add scrape_timeout_seconds and scrape_sample_limit metric.
#9247 #9295
* Scrape: Add --scrape.timestamp-tolerance flag to adjust scrape
timestamp tolerance when enabled via
--scrape.adjust-timestamps. #9283
* Remote Write: Improve throughput when sending exemplars.
* TSDB: Optimise WAL loading by removing extra map and caching
min-time #9160
* promtool: Speed up checking for duplicate rules. #9262/#9306
* Scrape: Reduce allocations when parsing the metrics. #9299
* docker_sd: Support host network mode #9125
* Exemplars: Fix panic when resizing exemplar storage from 0 to a
non-zero size. #9286
* TSDB: Correctly decrement prometheus_tsdb_head_active_appenders when
the append has no samples. #9230
* promtool rules backfill: Return 1 if backfill was unsuccessful. #9303
* promtool rules backfill: Avoid creation of overlapping blocks. #9324
* config: Fix a panic when reloading configuration with a null relabel
action. #9224
- Upgrade to upstream version 2.29.2
* Fix Kubernetes SD failing to discover Ingress in Kubernetes v1.22.
#9205
* Fix data race in loading write-ahead-log (WAL). #9259
- Upgrade to upstream version 2.29.1
* TSDB: align atomically accessed int64 to prevent panic in 32-bit
archs. #9192
- Upgrade to upstream version 2.29.0
+ Changes:
* Promote --storage.tsdb.allow-overlapping-blocks flag to stable. #9117
* Promote --storage.tsdb.retention.size flag to stable. #9004
* Add Kuma service discovery. #8844
* Add present_over_time PromQL function. #9097
* Allow configuring exemplar storage via file and make it reloadable.
#8974
* UI: Allow selecting time range with mouse drag. #8977
* promtool: Add feature flags flag --enable-feature. #8958
* promtool: Add file_sd file validation. #8950
* Reduce blocking of outgoing remote write requests from series
garbage collection. #9109
* Improve write-ahead-log decoding performance. #9106
* Improve append performance in TSDB by reducing mutexes usage.
* Allow configuring max_samples_per_send for remote write metadata.
#8959
* Add __meta_gce_interface_ipv4_
References
#1097531 #1181400 #1190462 #1193357 #1194363
#1194873 #1195625 #1195726 #1195727 #1195728
SLE-22863 SLE-23422 SLE-23439
Cross-References: CVE-2021-36222 CVE-2021-3711 CVE-2021-39226
CVE-2021-41174 CVE-2021-41244 CVE-2021-43798
CVE-2021-43813 CVE-2021-43815 CVE-2022-21673
CVE-2022-21702 CVE-2022-21703 CVE-2022-21713
CVSS scores:
CVE-2021-36222 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-36222 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-3711 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-3711 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-41174 (NVD) : 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
CVE-2021-41174 (SUSE): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N
CVE-2021-41244 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-41244 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
CVE-2021-43798 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-43798 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43815 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43815 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21673 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21673 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21702 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-21702 (SUSE): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CVE-2022-21703 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-21703 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N
CVE-2022-21713 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2022-21713 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Manager Tools 15-BETA
https://www.suse.com/security/cve/CVE-2021-36222.html
https://www.suse.com/security/cve/CVE-2021-3711.html
https://www.suse.com/security/cve/CVE-2021-39226.html
https://www.suse.com/security/cve/CVE-2021-41174.html
https://www.suse.com/security/cve/CVE-2021-41244.html
https://www.suse.com/security/cve/CVE-2021-43798.html
https://www.suse.com/security/cve/CVE-2021-43813.html
https://www.suse.com/security/cve/CVE-2021-43815.html
https://www.suse.com/security/cve/CVE-2022-21673.html
https://www.suse.com/security/cve/CVE-2022-21702.html
https://www.suse.com/security/cve/CVE-2022-21703.html
https://www.suse.com/security/cve/CVE-2022-21713.html
https://bugzilla.suse.com/1097531
https://bugzilla.suse.com/1181400
https://bugzilla.suse.com/1190462
https://bugzilla.suse.com/1193357
https://bugzilla.suse.com/1194363
https://bugzilla.suse.com/1194873
https://bugzilla.suse.com/1195625
https://bugzilla.suse.com/1195726
https://bugzilla.suse.com/1195727
https://bugzilla.suse.com/1195728