
SUSE: 2024:3288-1 Important: Golang Prometheus Security Updates

September 17, 2024
SUSE reveals significant patches for golang-github-prometheus-prometheus, targeting severe vulnerabilities.

Summary

This update for golang-github-prometheus-prometheus fixes the following issues:

* Require Go > 1.20 for building
* Bump go-retryablehttp to version 0.7.7 (CVE-2024-6104, bsc#1227038)
* Migrate from `disabled` to `manual` service mode
* Add 0003-Bump-go-retryablehttp.patch
* Update to 2.45.6 (jsc#PED-3577):
  * Security fixes in dependencies
* Update to 2.45.5:
  * [BUGFIX] tsdb/agent: ensure that new series get written to WAL on rollback.
  * [BUGFIX] Remote write: Avoid a race condition when applying configuration.
* Update to 2.45.4:
  * [BUGFIX] Remote read: Release querier resources before encoding the results.
* Update to 2.45.3:
  * Security fixes in dependencies
  * [BUGFIX] TSDB: Remove double memory snapshot on shutdown.
* Update to 2.45.2:
  * Security fixes in dependencies

References

* bsc#1204023

* bsc#1208298

* bsc#1227038

* bsc#1228556

* jsc#MSQA-848

* jsc#PED-3577

* jsc#PED-5406

Cross-References

* CVE-2022-41715

* CVE-2022-41723

* CVE-2023-45142

* CVE-2024-6104

CVSS scores:

* CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-45142 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-45142 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-6104 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Severity: important

Announcement ID: SUSE-SU-2024:3288-1
Rating: important
