Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -6 articles for you...
202
security advisorycriticalsecurity fixopenSUSE 15.4/15.5 Security Advisory: Important Prometheus Update
This update for golang-github-prometheus-prometheus fixes the following issues: golang-github-prometheus-prometheus:. # Security update for golang-github-prometheus-prometheus Announcement ID: SUSE-SU-2023:2598-1 Rating: important References: * bsc#1204023 * bsc#1208049 * bsc#1208298 * jsc#MSQA-665 * jsc#PED-3576 Cross-References: * CVE-2022-41715 * CVE-2022-41723 * CVE-2022-46146 CVSS scores: * CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H * CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Affected Products: * openSUSE Leap 15.4 * openSUSE Leap 15.5 * SUSE Linux Enterprise Desktop 15 SP5 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Real Time 15 SP5 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.2 * SUSE Manager Proxy 4.2 Module 4.2 * SUSE Manager Proxy 4.3 * SUSE Manager Proxy 4.3 Module 4.3 * SUSE Manager Retail Branch Server 4.2 * SUSE Manager Retail Branch Server 4.3 * SUSE Package Hub 15 15-SP5 An update that solves three vulnerabilities and contains two features can now be installed. ## Description: This update for golang-github-prometheus-prometheus fixes the following issues: golang-github-prometheus-prometheus: * Security issues fixed in this version update to 2.37.6: * CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576) * CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023) * CVE-2022-41723: Fixed go issue to avoid quadratic complexity in HPACK decoding (bsc#1208298) * Other non-security bugs fixed andchanges in this version update to 2.37.6: * [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak. * [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup. * [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired. * [BUGFIX] Properly close file descriptor when logging unfinished queries. * [BUGFIX] TSDB: In the WAL watcher metrics, expose the type="exemplar" label instead of type="unknown" for exemplar records. * [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued. * [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file. * [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures. * [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads. * [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled. * [BUGFIX] TSDB: Fix panic if series is not found when deleting series. * [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors. * [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values. * [BUGFIX] Fix serving of static assets like fonts and favicon. * [BUGFIX] promtool: Add --lint-fatal option. * [BUGFIX] Changing TotalQueryableSamples from int to int64. * [BUGFIX] tsdb/agent: Ignore duplicate exemplars. * [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate. * [BUGFIX] Stop rule manager before TSDB is stopped. * [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io. * [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly. * [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page. * [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false. * [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments. * [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing thequeue. * [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset. * [BUGFIX] UI: Fix bug that sets the range input to the resolution. * [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled. * [BUGFIX] Parser: Specify type in metadata parser errors. * [BUGFIX] Scrape: Fix label limit changes not applying. * [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch. * [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk. * [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set. * [BUGFIX] Azure SD: Fix panic when public IP Address isn't set. * [BUGFIX] Remote-write: Fix deadlock when stopping a shard. * [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s. * [BUGFIX] Promtool: Make exit codes more consistent. * [BUGFIX] Promtool: Fix flakiness of rule testing. * [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails. * [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator. * [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks. * [BUGFIX] TSDB: Fix logging of exemplar storage size. * [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes. * [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets. * [BUGFIX] UI: Fix autocompletion when expression is empty. * [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write. * [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts. * [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors. * [CHANGE] UI: Classic UI removed. * [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing. * [CHANGE] PromQL: Promote negative offset and @ modifer to stable features. * [CHANGE] Web: Promote remote-write-receiver tostable. * [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery. * [FEATURE] Add lowercase and uppercase relabel action. * [FEATURE] SD: Add IONOS Cloud integration. * [FEATURE] SD: Add Vultr integration. * [FEATURE] SD: Add Linode SD failure count metric. * [FEATURE] Add prometheus_ready metric. * [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag `--enable-feature=auto- gomaxprocs`. * [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable- feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag `--enable-feature=per-step-stats`. * [FEATURE] Config: Add stripPort template function. * [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended. * [FEATURE] SD: Enable target discovery in own K8s namespace. * [FEATURE] SD: Add provider ID label in K8s SD. * [FEATURE] Web: Add limit field to the rules API. * [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role. * [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels. * [ENHANCEMENT] TSDB: Memory optimizations. * [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL. * [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header. * [ENHANCEMENT] Add stripDomain to template function. * [ENHANCEMENT] UI: Enable active search through dropped targets. * [ENHANCEMENT] promtool: support matchers when querying label * [ENHANCEMENT] Add agent mode identifier. * [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup. * [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures. * [ENHANCEMENT] Azure SD: Add an optional resource_group configuration. * [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported). * [ENHANCEMENT] Kubernetes SD:Allow attaching node metadata to discovered pods. * [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens. * [ENHANCEMENT] Configuration: Add the ability to disable HTTP2. * [ENHANCEMENT] Config: Support overriding minimum TLS version. * [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag `--storage.tsdb.head-chunks-write- queue-size`. * [ENHANCEMENT] HTTP SD: Add a failure counter. * [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests. * [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni. * [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape. * [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1. * [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read. * [ENHANCEMENT] UI: Optimize the alerts page and add a search bar. * [ENHANCEMENT] UI: Improve graph colors that were hard to see. * [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels. * [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces. * [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver. * [ENHANCEMENT] Remote-write: Shard up more when backlogged. * [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance. * [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap. * [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write. * [ENHANCEMENT] TSDB: Improve label matching performance. * [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar. * [ENHANCEMENT] UI: Optimize the target page and add a search bar. ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypperpatch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch openSUSE-SLE-15.4-2023-2598=1 * openSUSE Leap 15.5 zypper in -t patch openSUSE-SLE-15.5-2023-2598=1 * SUSE Package Hub 15 15-SP5 zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2598=1 * SUSE Manager Proxy 4.2 Module 4.2 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2023-2598=1 * SUSE Manager Proxy 4.3 Module 4.3 zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2023-2598=1 ## Package List: * openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64) * firewalld-prometheus-config-0.1-150100.4.17.1 * golang-github-prometheus-prometheus-2.37.6-150100.4.17.1 * openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64) * firewalld-prometheus-config-0.1-150100.4.17.1 * golang-github-prometheus-prometheus-2.37.6-150100.4.17.1 * SUSE Package Hub 15 15-SP5 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.37.6-150100.4.17.1 * SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.37.6-150100.4.17.1 * SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64) * golang-github-prometheus-prometheus-2.37.6-150100.4.17.1 ## References: * https://www.suse.com/security/cve/CVE-2022-41715.html * https://www.suse.com/security/cve/CVE-2022-41723.html * https://www.suse.com/security/cve/CVE-2022-46146.html * https://bugzilla.suse.com/show_bug.cgi?id=1204023 * https://bugzilla.suse.com/show_bug.cgi?id=1208049 * https://bugzilla.suse.com/show_bug.cgi?id=1208298 * * . Mitigating significant weaknesses in golang-github-prometheus-prometheus through a crucial security enhancement for openSUSE.. openSUSE Security Advisory, Prometheus Update, Go Security Patch. . Severity: Important. LinuxSecurity.com Team
Feb 27, 2024
•Important
OpenSUSE
100
security advisorysecurity updateimportantSUSE: 2022:1767-1 Important: Bci/Golang Security Update
The container bci/golang was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/golang ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1767-1 Container Tags : bci/golang:1.18 , bci/golang:1.18-7.30 , bci/golang:latest Container Release : 7.30 Severity : important Type : security References : 1193742 1198720 1200747 1201385 1201434 1201436 1201437 1201440 1201443 1201444 1201445 1201447 1201448 1202035 CVE-2022-1705 CVE-2022-1962 CVE-2022-28131 CVE-2022-30630 CVE-2022-30631 CVE-2022-30632 CVE-2022-30633 CVE-2022-30635 CVE-2022-32148 CVE-2022-32189 ----------------------------------------------------------------- The container bci/golang was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2632-1 Released: Wed Aug 3 09:51:00 2022 Summary: Security update for permissions Type: security Severity: important References: 1198720,1200747,1201385 This update for permissions fixes the following issues: * apptainer: fix starter-suid location (bsc#1198720) * static permissions: remove deprecated bind / named chroot entries (bsc#1200747) * postfix: add postlog setgid for maildrop binary (bsc#1201385) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2672-1 Released: Thu Aug 4 14:06:24 2022 Summary: Security update for go1.18 Type: security Severity: important References: 1193742,1201434,1201436,1201437,1201440,1201443,1201444,1201445,1201447,1201448,1202035,CVE-2022-1705,CVE-2022-1962,CVE-2022-28131,CVE-2022-30630,CVE-2022-30631,CVE-2022-30632,CVE-2022-30633,CVE-2022-30635,CVE-2022-32148,CVE-2022-32189 This update for go1.18 fixes the following issues: Update to go version 1.18.5 (bsc#1193742): -CVE-2022-32189: encoding/gob, math/big: decoding big.Float and big.Rat can panic (bsc#1202035). - CVE-2022-1705: net/http: improper sanitization of Transfer-Encoding header (bsc#1201434) - CVE-2022-32148: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working (bsc#1201436) - CVE-2022-30631: compress/gzip: stack exhaustion in Reader.Read (bsc#1201437). - CVE-2022-30633: encoding/xml: stack exhaustion in Unmarshal (bsc#1201440). - CVE-2022-28131: encoding/xml: stack exhaustion in Decoder.Skip (bsc#1201443). - CVE-2022-30635: encoding/gob: stack exhaustion in Decoder.Decode (bsc#1201444). - CVE-2022-30632: path/filepath: stack exhaustion in Glob (bsc#1201445). - CVE-2022-30630: io/fs: stack exhaustion in Glob (bsc#1201447). - CVE-2022-1962: go/parser: stack exhaustion in all Parse* functions (bsc#1201448). The following package changes have been done: - permissions-20201225-150400.5.8.1 updated - go1.18-1.18.5-150000.1.25.1 updated - container:sles15-image-15.0.0-27.11.9 updated . SUSE has rolled out a vital container patch for bci/golang that tackles major security vulnerabilities and access control complications.. bci golang update, container security, important updates. . Severity: Important. LinuxSecurity.com Team
Aug 05, 2022
•Important
SuSE
202
security advisorybuffer overflowimportantopenSUSE Leap 15.2: openSUSE-SU-2020:1407-1 Important: Go1.14 Patch
An update that solves three vulnerabilities and has four fixes is now available.. openSUSE Security Update: Security update for go1.14 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2020:1407-1 Rating: important References: #1164903 #1169832 #1170826 #1172868 #1174153 #1174191 #1174977 Cross-References: CVE-2020-14039 CVE-2020-15586 CVE-2020-16845 Affected Products: openSUSE Leap 15.2 ______________________________________________________________________________ An update that solves three vulnerabilities and has four fixes is now available. Description: This update for go1.14 fixes the following issues: - go1.14 was updated to version 1.14.7 - CVE-2020-16845: dUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (bsc#1174977). - go1.14.6 (released 2020-07-16) includes fixes to the go command, the compiler, the linker, vet, and the database/sql, encoding/json, net/http, reflect, and testing packages. Refs bsc#1164903 go1.14 release tracking Refs bsc#1174153 bsc#1174191 * go#39991 runtime: missing deferreturn on linux/ppc64le * go#39920 net/http: panic on misformed If-None-Match Header with http.ServeContent * go#39849 cmd/compile: internal compile error when using sync.Pool: mismatched zero/store sizes * go#39824 cmd/go: TestBuildIDContainsArchModeEnv/386 fails on linux/386 in Go 1.14 and 1.13, not 1.15 * go#39698 reflect: panic from malloc after MakeFunc function returns value that is also stored globally * go#39636 reflect: DeepEqual can return true for values that are not equal * go#39585 encoding/json: incorrect object key unmarshaling when using custom TextUnmarshaler as Key with string va lues * go#39562 cmd/compile/internal/ssa: TestNexting/dlv-dbg-hist failing on linux-386-longtest builderbecause it trie s to use an older version of dlv which only supports linux/amd64 * go#39308 testing: streaming output loses parallel subtest associations * go#39288 cmd/vet: update for new number formats * go#39101 database/sql: context cancellation allows statements to execute after rollback * go#38030 doc: BuildNameToCertificate deprecated in go 1.14 not mentioned in the release notes * go#40212 net/http: Expect 100-continue panics in httputil.ReverseProxy bsc#1174153 CVE-2020-15586 * go#40210 crypto/x509: Certificate.Verify method seemingly ignoring EKU requirements on Windows bsc#1174191 CVE-2020-14039 (Windows only) - Add patch to ensure /etc/hosts is used if /etc/nsswitch.conf is not present bsc#1172868 gh#golang/go#35305 This update was imported from the SUSE:SLE-15:Update update project. Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.2: zypper in -t patch openSUSE-2020-1407=1 Package List: - openSUSE Leap 15.2 (x86_64): go1.14-1.14.7-lp152.2.3.1 go1.14-doc-1.14.7-lp152.2.3.1 go1.14-race-1.14.7-lp152.2.3.1 References: https://www.suse.com/security/cve/CVE-2020-14039.html https://www.suse.com/security/cve/CVE-2020-15586.html https://www.suse.com/security/cve/CVE-2020-16845.html https://bugzilla.suse.com/1164903 https://bugzilla.suse.com/1169832 https://bugzilla.suse.com/1170826 https://bugzilla.suse.com/1172868 https://bugzilla.suse.com/1174153 https://bugzilla.suse.com/1174191 https://bugzilla.suse.com/1174977 -- . Significant notice regarding openSUSE Leap 15.2 resolves multiple concerns in go1.14. Implement the update promptly for safeguarding.. openSUSE Security Update, Go Package Update, Vulnerabilities Fix. . Severity: Important. LinuxSecurity.com Team
Sep 11, 2020
•Important
OpenSUSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!