[SUSE-SU-2024:0191-1] Security Beta update for SUSE Manager Client Tools

Severity Moderate

CVEs 45

Security Beta update for SUSE Manager Client Tools

This update fixes the following issues:

golang-github-QubitProducts-exporter_exporter:

Exclude s390 arch
Adapted to build on Enterprise Linux.
Fix build for RedHat 7
Require Go >= 1.14 also for CentOS
Add support for CentOS
Replace %{?systemd_requires} with %{?systemd_ordering}

golang-github-boynux-squid_exporter:

Exclude s390 architecture (gh#SUSE/spacewalk#19050)
Enhanced to build on Enterprise Linux 8.

golang-github-lusitaniae-apache_exporter:

Do not strip if SUSE Linux Enterprise 15 SP3
Exclude debug for RHEL >= 8
Build with Go >= 1.20 when the OS is not RHEL
Fix apparmor profile for SLE 12
Upgrade to version 1.0.0 (jsc#PED-5405)
- Improved flag parsing
- Added support for custom headers
Build using promu
Fix sandboxing options
Upgrade to version 0.13.4
- CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501)
Upgrade to version 0.13.3
- CVE-2022-41723: Fix uncontrolled resource consumption (bsc#1208270)
Upgrade to version 0.13.1
- Fix panic caused by missing flagConfig options
Upgrade to version 0.13.0
- CVE-2022-46146: Fix authentication bypass vulnarability (bsc#1208046)
Corrected comment in AppArmor profile
Added AppArmor profile
Added sandboxing options to systemd service unit
Exclude s390 architecture (gh#SUSE/spacewalk#19050)
Update to upstream release 0.11.0 (jsc#SLE-24791)
- Add TLS support
- Switch to logger, please check --log.level and --log.format flags
Update to version 0.10.1
- Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
Update to version 0.10.0
- Add Apache Proxy and other metrics
Update to version 0.8.0
- Change commandline flags
- Add metrics: Apache version, request duration total
Adapted to build on Enterprise Linux 8
Require building with Go 1.15
Add support for RedHat 8
- Adjust dependencies on spec file
- Disable dwarf compression in go build
Add support for Red Hat
Add %license macro for LICENSE file

golang-github-prometheus-alertmanager:

Do not create PIE for s390x architecture
Require Go 1.20 or newer for building
Remove not used build flags
Create position independent executables (PIE)
Disable striping the binaries only for SLE 15 SP3
Add System/Monitoring group tag
Rework service file to use obscpio
- Run tar and recompress services at buildtime
- Do not generate automatically changelog entries
Update to version 0.26.0 (jsc#PED-7353): https://github.com/prometheus/alertmanager/releases/tag/v0.26.0
- CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)
- Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash
- Templating: Fixed a race condition when using the title function. It is now race-safe
- API: Fixed duplicate receiver names in the api/v2/receivers API endpoint
- API: Attempting to delete a silence now returns the correct status code, 404 instead of 500
- Clustering: Fixes a panic when tls_client_config is empty
- Webhook: url is now marked as a secret. It will no longer show up in the logs as clear-text
- Metrics: New label reason for alertmanager_notifications_failed_total metric to indicate the type of error of the alert delivery
- Clustering: New flag --cluster.label, to help to block any traffic that is not meant for the cluster
- Integrations: Add Microsoft Teams as a supported integration
Update to version 0.25.0: https://github.com/prometheus/alertmanager/releases/tag/v0.25.0
- Fail configuration loading if api_key and api_key_file are defined at the same time
- Fix the alertmanager_alerts metric to avoid counting resolved alerts as active. Also added a new alertmanager_marked_alerts metric that retain the old behavior
- Trim contents of Slack API URLs when reading from files
- amtool: Avoid panic when the label value matcher is empty
- Fail configuration loading if api_url is empty for OpsGenie
- Fix email template for resolved notifications
- Add proxy_url support for OAuth2 in HTTP client configuration
- Reload TLS certificate and key from disk when updated
- Add Discord integration
- Add Webex integration
- Add min_version support to select the minimum TLS version in HTTP client configuration
- Add max_version support to select the maximum TLS version in
- Emit warning logs when truncating messages in notifications
- Support HEAD method for the /-/healty and /-/ready endpoints
- Add support for reading global and local SMTP passwords from files
- UI: Add 'Link' button to alerts in list
- UI: Allow to choose the first day of the week as Sunday or Monday
Update to version 0.24.0: https://github.com/prometheus/alertmanager/releases/tag/v0.24.0
- Fix HTTP client configuration for the SNS receiver
- Fix unclosed file descriptor after reading the silences snapshot file
- Fix field names for mute_time_intervals in JSON marshaling
- Ensure that the root route doesn't have any matchers
- Truncate the message's title to 1024 chars to avoid hitting Slack limits
- Fix the default HTML email template (email.default.html) to match with the canonical source
- Detect SNS FIFO topic based on the rendered value
- Avoid deleting and recreating a silence when an update is possible
- api/v2: Return 200 OK when deleting an expired silence
- amtool: Fix the silence's end date when adding a silence. The end date is (start date + duration) while it used to be (current time + duration). The new behavior is consistent with the update operation
- Add the /api/v2 prefix to all endpoints in the OpenAPI specification and generated client code
- Add --cluster.tls-config experimental flag to secure cluster traffic via mutual TLS
- Add Telegram integration
CVE-2022-46146: Prevent authentication bypass via cache poisoning (bsc#1208051)
Do not include sources (bsc#1200725)

golang-github-prometheus-node_exporter:

Remove node_exporter-1.5.0.tar.gz
Execute tar and recompress service modules at buildtime
Update to 1.5.0 (jsc#PED-3578):
- NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel (#2500) and parallel IO issues on nodes with high numbers of CPUs/CPU threads (#1880).
- [CHANGE] Default GOMAXPROCS to 1 #2530
- [FEATURE] Add multiple listeners and systemd socket listener activation #2393
- [ENHANCEMENT] Add RTNL version of netclass collector #2492, #2528
- [BUGFIX] Fix hwmon label sanitizer #2504
- [BUGFIX] Use native endianness when encoding InetDiagMsg #2508
- [BUGFIX] Fix btrfs device stats always being zero #2516
Update to 1.4.1:
- [BUGFIX] Fix diskstats exclude flags #2487
- [SECURITY] CVE-2022-27191, CVE-2022-27664: Update go/x/crypto and go/x/net (bsc#1197284, bsc#1203185)
- [SECURITY] CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
Update to 1.4.0:
- [CHANGE] Merge metrics descriptions in textfile collector #2475
- [FEATURE] [node-mixin] Add darwin dashboard to mixin #2351
- [FEATURE] Add 'isolated' metric on cpu collector on linux #2251
- [FEATURE] Add cgroup summary collector #2408
- [FEATURE] Add selinux collector #2205
- [FEATURE] Add slab info collector #2376
- [FEATURE] Add sysctl collector #2425
- [FEATURE] Also track the CPU Spin time for OpenBSD systems #1971
- [FEATURE] Add support for MacOS version #2471
- [ENHANCEMENT] [node-mixin] Add missing selectors #2426
- [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default #2281
- [ENHANCEMENT] [node-mixin] Change disk graph to disk table #2364
- [ENHANCEMENT] [node-mixin] Change io time units to %util #2375
- [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd #2266
- [ENHANCEMENT] Add additional vm_stat memory metrics for darwin #2240
- [ENHANCEMENT] Add device filter flags to arp collector #2254
- [ENHANCEMENT] Add diskstats include and exclude device flags #2417
- [ENHANCEMENT] Add node_softirqs_total metric #2221
- [ENHANCEMENT] Add rapl zone name label option #2401
- [ENHANCEMENT] Add slabinfo collector #1799
- [ENHANCEMENT] Allow user to select port on NTP server to query #2270
- [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev #2404
- [ENHANCEMENT] Enable builds against older macOS SDK #2327
- [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name #2432
- [ENHANCEMENT] systemd: Expose systemd minor version #2282
- [ENHANCEMENT] Use netlink for tcpstat collector #2322
- [ENHANCEMENT] Use netlink to get netdev stats #2074
- [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles #2191
- [ENHANCEMENT] Add btrfs device error stats #2193
- [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning #2352
- [BUGFIX] Fix concurrency issue in ethtool collector #2289
- [BUGFIX] Fix concurrency issue in netdev collector #2267
- [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes #2311
- [BUGFIX] Fix iostat on macos broken by deprecation warning #2292
- [BUGFIX] Fix NodeFileDescriptorLimit alerts #2340
- [BUGFIX] Sanitize rapl zone names #2299
- [BUGFIX] Add file descriptor close safely in test #2447
- [BUGFIX] Fix race condition in os_release.go #2454
- [BUGFIX] Skip ZFS IO metrics if their paths are missing #2451
BuildRequire go1.18 OR HIGHER (previously this was fixed to 1.14)
Update to 1.3.1
- [BUGFIX] Handle nil CPU thermal power status on M1 #2218
- [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE. #2227
- [BUGFIX] Sanitize UTF-8 in dmi collector #2229
Exclude s390 arch.
Update spec file in order to make --version work (bsc#1196652)

golang-github-prometheus-prometheus:

Update to 2.45.0 (jsc#PED-5406):
- [FEATURE] API: New limit parameter to limit the number of items returned by /api/v1/status/tsdb endpoint.
- [FEATURE] Config: Add limits to global config.
- [FEATURE] Consul SD: Added support for path_prefix.
- [FEATURE] Native histograms: Add option to scrape both classic and native histograms.
- [FEATURE] Native histograms: Added support for two more arithmetic operators avg_over_time and sum_over_time.
- [FEATURE] Promtool: When providing the block id, only one block will be loaded and analyzed.
- [FEATURE] Remote-write: New Azure ad configuration to support remote writing directly to Azure Monitor workspace.
- [FEATURE] TSDB: Samples per chunk are now configurable with flag storage.tsdb.samples-per-chunk. By default set to its former value 120.
- [ENHANCEMENT] Native histograms: bucket size can now be limited to avoid scrape fails.
- [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL sooner.
- [BUGFIX] Native histograms: ChunkSeries iterator now checks if a new sample can be appended to the open chunk.
- [BUGFIX] Native histograms: Fix Histogram Appender Appendable() segfault.
- [BUGFIX] Native histograms: Fix setting reset header to gauge histograms in seriesToChunkEncoder.
- [BUGFIX] TSDB: Tombstone intervals are not modified after Get() call.
- [BUGFIX] TSDB: Use path/filepath to set the WAL directory.
Update to 2.44.0:
- [FEATURE] Remote-read: Handle native histograms.
- [FEATURE] Promtool: Health and readiness check of prometheus server in CLI.
- [FEATURE] PromQL: Add query_samples_total metric, the total number of samples loaded by all queries.
- [ENHANCEMENT] Storage: Optimise buffer used to iterate through samples.
- [ENHANCEMENT] Scrape: Reduce memory allocations on target labels.
- [ENHANCEMENT] PromQL: Use faster heap method for topk() / bottomk().
- [ENHANCEMENT] Rules API: Allow filtering by rule name.
- [ENHANCEMENT] Native Histograms: Various fixes and improvements.
- [ENHANCEMENT] UI: Search of scraping pools is now case-insensitive.
- [ENHANCEMENT] TSDB: Add an affirmative log message for successful WAL repair.
- [BUGFIX] TSDB: Block compaction failed when shutting down.
- [BUGFIX] TSDB: Out-of-order chunks could be ignored if the write-behind log was deleted.
Update to 2.43.1
- [BUGFIX] Labels: Set() after Del() would be ignored, which broke some relabeling rules.
Update to 2.43.0:
- [FEATURE] Promtool: Add HTTP client configuration to query commands.
- [FEATURE] Scrape: Add include_scrape_configs to include scrape configs from different files.
- [FEATURE] HTTP client: Add no_proxy to exclude URLs from proxied requests.
- [FEATURE] HTTP client: Add proxy_from_enviroment to read proxies from env variables.
- [ENHANCEMENT] API: Add support for setting lookback delta per query via the API.
- [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499 if a request is canceled.
- [ENHANCEMENT] Scrape: Allow exemplars for all metric types.
- [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders size.
- [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot with index that is ahead of WAL.
- [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to be more comprehensible.
- [ENHANCEMENT] UI: Scope group by labels to metric in autocompletion.
- [BUGFIX] Scrape: Fix prometheus_target_scrape_pool_target_limit metric not set before reloading.
- [BUGFIX] TSDB: Correctly update prometheus_tsdb_head_chunks_removed_total and prometheus_tsdb_head_chunks metrics when reading WAL.
- [BUGFIX] TSDB: Use the correct unit (seconds) when recording out-of-order append deltas in the prometheus_tsdb_sample_ooo_delta metric.
Update to 2.42.0: This release comes with a bunch of feature coverage for native histograms and breaking changes. If you are trying native histograms already, we recommend you remove the wal directory when upgrading. Because the old WAL record for native histograms is not backward compatible in v2.42.0, this will lead to some data loss for the latest data. Additionally, if you scrape 'float histograms' or use recording rules on native histograms in v2.42.0 (which writes float histograms), it is a one-way street since older versions do not support float histograms.
- [CHANGE] breaking TSDB: Changed WAL record format for the experimental native histograms.
- [FEATURE] Add 'keep_firing_for' field to alerting rules.
- [FEATURE] Promtool: Add support of selecting timeseries for TSDB dump.
- [ENHANCEMENT] Agent: Native histogram support.
- [ENHANCEMENT] Rules: Support native histograms in recording rules.
- [ENHANCEMENT] SD: Add container ID as a meta label for pod targets for Kubernetes.
- [ENHANCEMENT] SD: Add VM size label to azure service discovery.
- [ENHANCEMENT] Support native histograms in federation.
- [ENHANCEMENT] TSDB: Add gauge histogram support.
- [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that represents buckets as float64 values.
- [ENHANCEMENT] UI: Show individual scrape pools on /targets page.
Update to 2.41.0:
- [FEATURE] Relabeling: Add keepequal and dropequal relabel actions.
- [FEATURE] Add support for HTTP proxy headers.
- [ENHANCEMENT] Reload private certificates when changed on disk.
- [ENHANCEMENT] Add max_version to specify maximum TLS version in tls_config.
- [ENHANCEMENT] Add goos and goarch labels to prometheus_build_info.
- [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs.
- [ENHANCEMENT] SD: Add new metric prometheus_sd_file_watcher_errors_total.
- [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling.
- [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in iterators.
- [ENHANCEMENT] TSDB: Optimize postings offset table reading.
- [BUGFIX] Scrape: Validate the metric name, label names, and label values after relabeling.
- [BUGFIX] Remote Write receiver and rule manager: Fix error handling.
Update to 2.40.7:
- [BUGFIX] TSDB: Fix queries involving negative buckets of native histograms.
Update to 2.40.5:
- [BUGFIX] TSDB: Fix queries involving native histograms due to improper reset of iterators.
Update to 2.40.3:
- [BUGFIX] TSDB: Fix compaction after a deletion is called.
Update to 2.40.2:
- [BUGFIX] UI: Fix black-on-black metric name color in dark mode.
Update to 2.40.1:
- [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit architecture.
- [BUGFIX] Scrape: Fix accept headers.
Update to 2.40.0:
- [FEATURE] Add experimental support for native histograms. Enable with the flag --enable-feature=native-histograms.
- [FEATURE] SD: Add service discovery for OVHcloud.
- [ENHANCEMENT] Kubernetes SD: Use protobuf encoding.
- [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved sorting speed.
- [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds __meta_consul_partition label. Adds partition config in consul_sd_config.
- [BUGFIX] API: Fix API error codes for /api/v1/labels and /api/v1/series.
Update to 2.39.1:
- [BUGFIX] Rules: Fix notifier relabel changing the labels on active alerts.
Update to 2.39.0:
- [FEATURE] experimental TSDB: Add support for ingesting out-of-order samples. This is configured via out_of_order_time_window field in the config file; check config file docs for more info.
- [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also respond to a HEAD request on top of existing GET support.
- [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label.
- [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label.
- [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region label.
- [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory.
- [ENHANCEMENT] TSDB: Improve WAL replay timings.
- [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary data in the memory.
- [ENHANCEMENT] TSDB: Allow overlapping blocks by default. --storage.tsdb.allow-overlapping-blocks now has no effect.
- [ENHANCEMENT] UI: Click to copy label-value pair from query result to clipboard.
- [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
- [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
- [BUGFIX] PromQL: Properly close file descriptor when logging unfinished queries.
- [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
Update to 2.38.0:
- [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint that allows pretty-formatting PromQL expressions.
- [FEATURE]: UI: Add support for formatting PromQL expressions in the UI.
- [FEATURE]: DNS SD: Support MX records for discovering targets.
- [FEATURE]: Templates: Add toTime() template function that allows converting sample timestamps to Go time.Time values.
- [ENHANCEMENT]: Kubernetes SD: Add __meta_kubernetes_service_port_number meta label indicating the service port number. __meta_kubernetes_pod_container_image meta label indicating the container image.
- [ENHANCEMENT]: PromQL: When a query panics, also log the query itself alongside the panic message.
- [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve the contrast ratio.
- [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding locks and using atomic types instead.
- [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature flag, which omits or removes any default HTTP (:80) or HTTPS (:443) ports in the target's scrape address.
- [BUGFIX]: TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records.
- [BUGFIX]: TSDB: Fix race condition around allocating series IDs during chunk snapshot loading.
Remove npm_licenses.tar.bz2 during 'make clean'
Remove web-ui archives during 'make clean'.
Require promu >= 0.14.0 for building
Upgrade to version 2.37.6
- Require Go 1.19
Upgrade to version 2.37.5
- [SECURITY] Security upgrade from go and upstream dependencies that include security fixes to the net/http and os packages.
Upgrade to version 2.37.4
- [SECURITY] CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
Upgrade to version 2.37.3
- [BUGFIX] CVE-2022-41715: Update our regexp library to fix upstream vulnerability (bnc#1204023)
- [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
Upgrade to version 2.37.2
- [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
- [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
Upgrade to version 2.37.1
- [BUGFIX] Properly close file descriptor when logging unfinished queries.
- [BUGFIX] TSDB: In the WAL watcher metrics, expose the
Upgrade to version 2.37.0
- [FEATURE] Nomad SD: New service discovery for Nomad built-in service discovery.
- [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role.
- [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels.
- [ENHANCEMENT] TSDB: Memory optimizations.
- [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.
- [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header.
- [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued.
- [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file.
- [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures.
- [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads.
- [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total when context is canceled.
- [BUGFIX] TSDB: Fix panic if series is not found when deleting series.
- [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out of sequence errors.
- [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus configuration file and fix default configuration values.
Upgrade to version 2.36.2
- [BUGFIX] Fix serving of static assets like fonts and favicon.
Upgrade to version 2.36.1
- [BUGFIX] promtool: Add --lint-fatal option.
Upgrade to version 2.36.0
- [FEATURE] Add lowercase and uppercase relabel action.
- [FEATURE] SD: Add IONOS Cloud integration.
- [FEATURE] SD: Add Vultr integration.
- [FEATURE] SD: Add Linode SD failure count metric.
- [FEATURE] Add prometheus_ready metric.
- [ENHANCEMENT] Add stripDomain to template function.
- [ENHANCEMENT] UI: Enable active search through dropped targets.
- [ENHANCEMENT] promtool: support matchers when querying label
- [ENHANCEMENT] Add agent mode identifier.
- [BUGFIX] Changing TotalQueryableSamples from int to int64.
- [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
- [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate.
- [BUGFIX] Stop rule manager before TSDB is stopped.
Upgrade to version 2.35.0
- [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.
- [CHANGE] promtool: Add new flag --lint (enabled by default) for the commands check rules and check config, resulting in a new exit code (3) for linter errors.
- [FEATURE] Support for automatically setting the variable GOMAXPROCS to the container CPU limit. Enable with the flag --enable-feature=auto-gomaxprocs.
- [FEATURE] PromQL: Extend statistics with total and peak number of samples in a query. Additionally, per-step statistics are available with --enable-feature=promql-per-step-stats and using stats=all in the query API. Enable with the flag --enable-feature=per-step-stats.
- [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at startup.
- [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.
- [ENHANCEMENT] Azure SD: Add an optional resource_group configuration.
- [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported).
- [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered pods.
- [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens.
- [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.
- [ENHANCEMENT] Config: Support overriding minimum TLS version.
- [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.
- [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly.
- [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target page.
- [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false.
- [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments.
- [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue.
Upgrade to version 2.34.0
- [CHANGE] UI: Classic UI removed.
- [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing.
- [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow configuration with the experimental flag --storage.tsdb.head-chunks-write-queue-size.
- [ENHANCEMENT] HTTP SD: Add a failure counter.
- [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.
- [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.
- [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during a scrape.
- [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in addition to version=0.0.1.
- [ENHANCEMENT] Remote-read: Add an option to not use external labels as selectors for remote read.
- [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.
- [ENHANCEMENT] UI: Improve graph colors that were hard to see.
- [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment variables with external labels.
- [BUGFIX] PromQL: Properly return an error from histogram_quantile when metrics have the same labelset.
- [BUGFIX] UI: Fix bug that sets the range input to the resolution.
- [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is enabled.
- [BUGFIX] Parser: Specify type in metadata parser errors.
- [BUGFIX] Scrape: Fix label limit changes not applying.
Upgrade to version 2.33.5
- [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting batch.
Upgrade to version 2.33.4
- [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk.
Upgrade to version 2.33.3
- [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set.
Upgrade to version 2.33.2
- [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.
- [BUGFIX] Remote-write: Fix deadlock when stopping a shard.
Upgrade to version 2.33.1
- [BUGFIX] SD: Fix no such file or directory in K8s SD when not running inside K8s.
Upgrade to version 2.33.0
- [CHANGE] PromQL: Promote negative offset and @ modifer to stable features.
- [CHANGE] Web: Promote remote-write-receiver to stable.
- [FEATURE] Config: Add stripPort template function.
- [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by flag --extended.
- [FEATURE] SD: Enable target discovery in own K8s namespace.
- [FEATURE] SD: Add provider ID label in K8s SD.
- [FEATURE] Web: Add limit field to the rules API.
- [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs instead of interfaces.
- [ENHANCEMENT] Remote-write: Log time series details for out-of-order samples in remote write receiver.
- [ENHANCEMENT] Remote-write: Shard up more when backlogged.
- [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest performance.
- [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected postings heap.
- [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency spikes in remote-write.
- [ENHANCEMENT] TSDB: Improve label matching performance.
- [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.
- [ENHANCEMENT] UI: Optimize the target page and add a search bar.
- [BUGFIX] Promtool: Make exit codes more consistent.
- [BUGFIX] Promtool: Fix flakiness of rule testing.
- [BUGFIX] Remote-write: Update prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when write irrecoverably fails.
- [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.
- [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for overlapping blocks.
- [BUGFIX] TSDB: Fix logging of exemplar storage size.
- [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes.
- [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only Unhealthy targets.
- [BUGFIX] UI: Fix autocompletion when expression is empty.
- [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.
CVE-2022-46146: Fix authentication bypass by updating Prometheus Exporter Toolkit to version 0.7.3 (bsc#1208049)
CVE-2022-41723: Fix uncontrolled resource consumption by updating Go to version 1.20.1 (bsc#1208298)

golang-github-prometheus-promu:

Always set user and host build metadata to constant string to achieve reproducible builds (compare reproducible-builds.org)
Add 0001-do_not_discover_user_host_for_reproducible_builds.patch
Require Go >= 1.19 for building
Require Go >= 1.18 for building Red Hat packages
Update to version 0.14.0 (jsc#PED-3576):
- Add the ability to override tags per GOOS
- Remove ioutil
- Update common Prometheus files (#232) (#224)
- Validate environment variable value
- Set build date from SOURCE_DATE_EPOCH
Update to Go 1.18
Exclude s390 architecture.
Set build date from last changelog modification (bsc#1047218)
Adapted for Enterprise Linux build.
Build requires Go 1.15
- Make extldflags extensible by configuration. #125
- Avoid bind-mounting to allow building with a remote docker engine #95
Update to 0.2.0
- Features:
- Adding changes to support s390x
- Add option to disable static linking
- Add support for 32bit MIPS.
- Added check_licenses Command to Promu
- Enhancements:
- Allow to customize nested options via env variables
- Bump Go version to 1.11
- Add warning if promu info is unable to determine repo info
- Bug Fixes:
- Fix build on SmartOS by not setting gcc's -static flag
- Fix git repository url parsing
Update to 0.1.0
Initial version

grafana:

Update to version 9.5.8:
- Please, check the release notes for further details.
- Security fixes provided in this and previous versions:
- CVE-2023-3128: Authentication bypass using Azure AD OAuth (bsc#1212641, jsc#PED-3694)
- CVE-2023-2801: Prevent crash while executing concurrent mixed queries (bsc#1212099)
- CVE-2023-2183: Require alert.notifications:write permissions to test receivers and templates (bsc#1212100)
- CVE-2023-1387: JWT URL-login flow leaks token to data sources through request parameter in proxy requests (bsc#1210907, jsc#PED-3694)
- CVE-2023-1410: Stored XSS in Graphite FunctionDescription tooltip (bsc#1209645)
- CVE-2020-7753: Regular Expression Denial of Service (ReDoS) in trim function (bsc#1218843)
- CVE-2021-3807: Regular expressionDdenial of Service (ReDoS) matching ANSI escape codes (bsc#1192154)
- CVE-2021-3918: Improperly Controlled Modification of Object Prototype Attributes (bsc#1192696)
- CVE-2021-43138: A malicious user can obtain privileges via the mapValues() method (bsc#1200480)
- CVE-2022-0155: Exposure of Private Personal Information to an Unauthorized Actor (bsc#1218844)
- CVE-2022-31107: OAuth account takeover (bsc#1201539)
- CVE-2022-31097: Stored XSS vulnerability (bsc#1201535)
- CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645)
- CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821)
- CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819)
- CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 (bsc#1208065)
- CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)
- CVE-2022-23552: SVG: Add dompurify preprocessor step (bsc#1207749)
- CVE-2022-39324: Snapshots: Fix originalUrl spoof security issue (bsc#1207750)
- CVE-2022-39306: Fix for privilege escalation (bsc#1205225)
- CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227)
- CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303)
- CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
- CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
- CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304)
- CVE-2022-36062: RBAC folders/dashboards privilege escalation (bsc#1203596, jsc#PED-2145)
- CVE-2022-35957: Escalation from admin to server admin when auth proxy is used (bsc#1203597, jsc#PED-2145)
- CVE-2022-31107: OAuth account takeover (bsc#1201539)
- CVE-2022-31097: Stored XSS vulnerability (bsc#1201535)
- CVE-2022-29170: Request security bypass via malicious redirect (bsc#1199810)
- CVE-2022-31097: XSS vulnerability in the Unified Alerting (bsc#1201535)
- CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
- CVE-2022-21702: XSS vulnerability in handling data sources (bsc#1195726, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
- CVE-2022-21703: Cross-origin request forgery vulnerability (bsc#1195727)
- CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams API (bsc#1195728)
- CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#1194873)
- CVE-2021-43813: Directory traversal vulnerability for .md files (bsc#1193688)
- CVE-2021-43815: Directory traversal for .csv files (bsc#1193686)
- CVE-2021-43798: arbitrary file read in the graph native plugin (bsc#1193492)
- CVE-2021-43798: Arbitrary file read in the graph native plugin (bsc#1193492)
- CVE-2021-41244: Grafana 8.2.4 released with security fixes (bsc#1192763)
- Security: Fixes CVE-2021-41174, bsc#1192383.
- Security: Update dependencies to fix CVE-2021-36222, bsc#1188571.

kiwi-desc-saltboot:

Update to version 0.1.1687520761.cefb248
- Add osimage cert package to bootstrap for SUSE Linux Enterprise 12 images (bsc#1204089)
Update to version 0.1.1673279145.e7616bd
- Add failsafe stop file when salt-minion does not stop (bsc#1172110)
Update to version 0.1.1661440542.6cbe0da
- Use standard susemanager.conf
- Use salt bundle
- Add support fo VirtIO disks

mgr-push:

Version 5.0.1-1
- Bump version to 5.0.0
Version 4.4.6-1
- Remove unused makefiles
Version 4.4.5-1
- Use http to connect to localhost server
- Use bundle CA certificate in rhnpush
Version 4.4.4-1
- remove pylint check at build time
Version 4.4.3-1
- Ensure installation of make for building
Version 4.4.2-1
- Update translation strings
Version 4.4.1-1
- Bump version to 4.4.0

prometheus-blackbox_exporter:

Use obscpio for go modules service
Set version number
Set build date from SOURCE_DATE_EPOCH
Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
- Requires go1.19
Avoid empty validation script
Add rc symlink for backwards compatibility
Fix authentication bypass via cache poisoning (CVE-2022-46146, bsc#1208062)
Add min_version parameter of tls_config to allow enabling TLS 1.0 and 1.1 (bsc#1209113)
On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)
Build with go1.18 only for SLE-15-SP3 and build with >= go1.19 on higher SP (bsc#1203599)
Require go1.18 (bsc#1203599, GH#19127)
Exclude s390 arch
Fix %pre section to avoid empty content
Updated to allow building on older rpmbuild.
Enhanced to build on Enterprise Linux 8

prometheus-postgres_exporter:

Remove duplicated call to systemd requirements
Do not build debug if RHEL >= 8
Do not strip if SUSE Linux Enterprise 15 SP3
Build at least with with Go >= 1.18 on RHEL
Build with Go >= 1.20 elsewhere
Adapt the systemd service security configuration to be able to start it on RHEL systems and clones
Create the prometheus user for RHEL systems and clones
Add 0001-Update-prometheus-exporter-toolkit-to-0.7.3.patch
- Fix authentication bypass via cache poisoning (CVE-2022-46146, bsc#1208060)
Fix _service to pull correct version
Use go_modules source service
Upgrade to version 0.10.1:
- Fix broken log-level for values other than debug (bsc#1208965)
Version/release lines above first usage of those macros. gh#uyuni-project/uyuni#5418
Prevent empty %pre section
Exclude s390 builds
Updated for RHEL8.

python-hwdata:

Declare the LICENSE file as license and not doc

rhnlib:

Version 5.0.1-1
- Specify a packager for Debian like distros
Version 4.4.6-1
- Remove unused makefiles
Version 4.4.5-1
- Use bundle CA certificate in rhnpush
Version 4.4.4-1
- Only use TLSv1+ for SSL connections
Version 4.4.3-1
- Ensure installation of make for building
Version 4.4.2-1
- Don't get stuck at the end of SSL transfers (bsc#1204032)
Version 4.4.1-1
- Bump version to 4.4.0

spacecmd:

Version 5.0.1-1
- Use localhost without ssl when running on the server
Version 4.4.10-1
- Update translation strings
Version 4.4.9-1
Version 4.4.8-1
- Add spacecmd function: cryptokey_update
- Bypass traditional systems check on older SUMA instances (bsc#1208612)
- fix argument parsing of distribution_update (bsc#1210458)
Version 4.4.7-1
- remove pylint check at build time
- Display activation key details after executing the corresponding command (bsc#1208719)
- Show targetted packages before actually removing them (bsc#1207830)
Version 4.4.6-1
- Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352)
Version 4.4.5-1
- Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)
- Add python-dateutil dependency, required to process date values in spacecmd api calls
- Remove python3-simplejson dependency
Version 4.4.4-1
- Correctly understand 'ssm' keyword on scap scheduling
- Add vendor_advisory information to errata_details call (bsc#1205207)
- Change default port of 'Containerized Proxy configuration' 8022
Version 4.4.3-1
- Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126)
- Changed schedule product migration to use the correct API method
- Fix dict_keys not supporting indexing in systems_setconfigchannelorger
- Added a warning message for traditional stack deprecation
- Remove 'Undefined return code' from debug messages (bsc#1203283)
Version 4.4.2-1
- Stop always showing help for valid proxy_container_config calls
Version 4.4.1-1
- Process date values in spacecmd api calls (bsc#1198903)
- Improve Proxy FQDN hint message
Version 4.3.14-1
- Fix missing argument on system_listmigrationtargets (bsc#1201003)
- Show correct help on calling kickstart_importjson with no arguments
- Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
- Change proxy container config default filename to end with tar.gz
Version 4.3.13-1
- Update translation strings
Version 4.3.12-1
- Update translation strings
Version 4.3.11-1
- on full system update call schedulePackageUpdate API (bsc#1197507)

spacewalk-client-tools:

Version 5.0.1-1
- Bump version to 5.0.0
Version 4.4.7-1
- Remove unused and deprecated/removed platform.dist import.
Version 4.4.6-1
- Update translation strings
- Tito requires to list the package source as %{name}-%{version}.tar.gz
Version 4.4.5-1
- remove mgr-virtualization usage
- remove dependency to suseRegisterInfo
Version 4.4.4-1
- Update translation strings
Version 4.4.3-1
- Update translation strings
Version 4.4.2-1
- Update translation strings
Version 4.4.1-1
- Update translation strings
Version 4.3.11-1
- Update translation strings
Version 4.3.10-1

supportutils-plugin-salt:

Update to version 1.2.2
- Remove possible passwords from Salt configuration files (bsc#1201059)
Update to version 1.2.1
- Remove ERROR messages on Salt client systems
Declare the LICENSE file as license and not doc
Update to version 1.2.0
- Add support for Salt Bundle

supportutils-plugin-susemanager-client:

Version 5.0.1-1
- Bump version to 5.0.0
Version 4.4.2-1
- write configured crypto-policy in supportconfig
- add cloud and payg checks
Version 4.4.1-1
- Bump version to 4.4.0
Version 4.3.2-1
- Add proxy containers config and logs

uyuni-common-libs:

Version 5.0.1-1
- Bump version to 5.0.0
Version 4.4.4-1
- Workaround for python3-debian bug about collecting control file (bsc#1211525, bsc#1208692)
- Accept missing rhn.conf file
- Use context manager for apache users in fileutils.py.
Version 4.4.3-1
- Ensure installation of make for building.
- Use versioned Python during packaging.
Version 4.4.2-1
- unify user notification code on java side
Version 4.4.1-1
- Do not allow creating path if nonexistent user or group in fileutils.
Version 4.3.5-1
- Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

ID

SUSE-SU-2024:0191-1

Severity

moderate

URL

https://www.suse.com/support/update/announcement/2024/suse-su-20240191-1/

Published

2024-01-23T15:18:14
(7 months ago)

Modified

2024-01-23T15:18:14
(7 months ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0191-1.json
Suse	URL for SUSE-SU-2024:0191-1	https://www.suse.com/support/update/announcement/2024/suse-su-20240191-1/
Suse	E-Mail link for SUSE-SU-2024:0191-1	https://lists.suse.com/pipermail/sle-security-updates/2024-January/017744.html
Bugzilla	SUSE Bug 1047218	https://bugzilla.suse.com/1047218
Bugzilla	SUSE Bug 1172110	https://bugzilla.suse.com/1172110
Bugzilla	SUSE Bug 1188571	https://bugzilla.suse.com/1188571
Bugzilla	SUSE Bug 1189520	https://bugzilla.suse.com/1189520
Bugzilla	SUSE Bug 1191454	https://bugzilla.suse.com/1191454
Bugzilla	SUSE Bug 1192154	https://bugzilla.suse.com/1192154
Bugzilla	SUSE Bug 1192383	https://bugzilla.suse.com/1192383
Bugzilla	SUSE Bug 1192696	https://bugzilla.suse.com/1192696
Bugzilla	SUSE Bug 1192763	https://bugzilla.suse.com/1192763
Bugzilla	SUSE Bug 1193492	https://bugzilla.suse.com/1193492
Bugzilla	SUSE Bug 1193686	https://bugzilla.suse.com/1193686
Bugzilla	SUSE Bug 1193688	https://bugzilla.suse.com/1193688
Bugzilla	SUSE Bug 1194873	https://bugzilla.suse.com/1194873
Bugzilla	SUSE Bug 1195726	https://bugzilla.suse.com/1195726
Bugzilla	SUSE Bug 1195727	https://bugzilla.suse.com/1195727
Bugzilla	SUSE Bug 1195728	https://bugzilla.suse.com/1195728
Bugzilla	SUSE Bug 1196338	https://bugzilla.suse.com/1196338
Bugzilla	SUSE Bug 1196652	https://bugzilla.suse.com/1196652
Bugzilla	SUSE Bug 1197507	https://bugzilla.suse.com/1197507
Bugzilla	SUSE Bug 1198903	https://bugzilla.suse.com/1198903
Bugzilla	SUSE Bug 1199810	https://bugzilla.suse.com/1199810
Bugzilla	SUSE Bug 1200480	https://bugzilla.suse.com/1200480
Bugzilla	SUSE Bug 1200591	https://bugzilla.suse.com/1200591
Bugzilla	SUSE Bug 1200725	https://bugzilla.suse.com/1200725
Bugzilla	SUSE Bug 1201003	https://bugzilla.suse.com/1201003
Bugzilla	SUSE Bug 1201059	https://bugzilla.suse.com/1201059
Bugzilla	SUSE Bug 1201535	https://bugzilla.suse.com/1201535
Bugzilla	SUSE Bug 1201539	https://bugzilla.suse.com/1201539
Bugzilla	SUSE Bug 1203283	https://bugzilla.suse.com/1203283
Bugzilla	SUSE Bug 1203596	https://bugzilla.suse.com/1203596
Bugzilla	SUSE Bug 1203597	https://bugzilla.suse.com/1203597
Bugzilla	SUSE Bug 1203599	https://bugzilla.suse.com/1203599
Bugzilla	SUSE Bug 1204032	https://bugzilla.suse.com/1204032
Bugzilla	SUSE Bug 1204089	https://bugzilla.suse.com/1204089
Bugzilla	SUSE Bug 1204126	https://bugzilla.suse.com/1204126
Bugzilla	SUSE Bug 1204302	https://bugzilla.suse.com/1204302
Bugzilla	SUSE Bug 1204303	https://bugzilla.suse.com/1204303
Bugzilla	SUSE Bug 1204304	https://bugzilla.suse.com/1204304
Bugzilla	SUSE Bug 1204305	https://bugzilla.suse.com/1204305
Bugzilla	SUSE Bug 1204501	https://bugzilla.suse.com/1204501
Bugzilla	SUSE Bug 1205207	https://bugzilla.suse.com/1205207
Bugzilla	SUSE Bug 1205225	https://bugzilla.suse.com/1205225
Bugzilla	SUSE Bug 1205227	https://bugzilla.suse.com/1205227
Bugzilla	SUSE Bug 1205759	https://bugzilla.suse.com/1205759
Bugzilla	SUSE Bug 1207352	https://bugzilla.suse.com/1207352
Bugzilla	SUSE Bug 1207749	https://bugzilla.suse.com/1207749
Bugzilla	SUSE Bug 1207750	https://bugzilla.suse.com/1207750
Bugzilla	SUSE Bug 1207830	https://bugzilla.suse.com/1207830
Bugzilla	SUSE Bug 1208046	https://bugzilla.suse.com/1208046
Bugzilla	SUSE Bug 1208049	https://bugzilla.suse.com/1208049
Bugzilla	SUSE Bug 1208051	https://bugzilla.suse.com/1208051
Bugzilla	SUSE Bug 1208060	https://bugzilla.suse.com/1208060
Bugzilla	SUSE Bug 1208062	https://bugzilla.suse.com/1208062
Bugzilla	SUSE Bug 1208064	https://bugzilla.suse.com/1208064
Bugzilla	SUSE Bug 1208065	https://bugzilla.suse.com/1208065
Bugzilla	SUSE Bug 1208270	https://bugzilla.suse.com/1208270
Bugzilla	SUSE Bug 1208293	https://bugzilla.suse.com/1208293
Bugzilla	SUSE Bug 1208298	https://bugzilla.suse.com/1208298
Bugzilla	SUSE Bug 1208612	https://bugzilla.suse.com/1208612
Bugzilla	SUSE Bug 1208692	https://bugzilla.suse.com/1208692
Bugzilla	SUSE Bug 1208719	https://bugzilla.suse.com/1208719
Bugzilla	SUSE Bug 1208819	https://bugzilla.suse.com/1208819
Bugzilla	SUSE Bug 1208821	https://bugzilla.suse.com/1208821
Bugzilla	SUSE Bug 1208965	https://bugzilla.suse.com/1208965
Bugzilla	SUSE Bug 1209113	https://bugzilla.suse.com/1209113
Bugzilla	SUSE Bug 1209645	https://bugzilla.suse.com/1209645
Bugzilla	SUSE Bug 1210458	https://bugzilla.suse.com/1210458
Bugzilla	SUSE Bug 1210907	https://bugzilla.suse.com/1210907
Bugzilla	SUSE Bug 1211525	https://bugzilla.suse.com/1211525
Bugzilla	SUSE Bug 1212099	https://bugzilla.suse.com/1212099
Bugzilla	SUSE Bug 1212100	https://bugzilla.suse.com/1212100
Bugzilla	SUSE Bug 1212279	https://bugzilla.suse.com/1212279
Bugzilla	SUSE Bug 1212641	https://bugzilla.suse.com/1212641
Bugzilla	SUSE Bug 1218843	https://bugzilla.suse.com/1218843
Bugzilla	SUSE Bug 1218844	https://bugzilla.suse.com/1218844
CVE	SUSE CVE CVE-2020-7753 page	https://www.suse.com/security/cve/CVE-2020-7753/
CVE	SUSE CVE CVE-2021-36222 page	https://www.suse.com/security/cve/CVE-2021-36222/
CVE	SUSE CVE CVE-2021-3711 page	https://www.suse.com/security/cve/CVE-2021-3711/
CVE	SUSE CVE CVE-2021-3807 page	https://www.suse.com/security/cve/CVE-2021-3807/
CVE	SUSE CVE CVE-2021-3918 page	https://www.suse.com/security/cve/CVE-2021-3918/
CVE	SUSE CVE CVE-2021-39226 page	https://www.suse.com/security/cve/CVE-2021-39226/
CVE	SUSE CVE CVE-2021-41174 page	https://www.suse.com/security/cve/CVE-2021-41174/
CVE	SUSE CVE CVE-2021-41244 page	https://www.suse.com/security/cve/CVE-2021-41244/
CVE	SUSE CVE CVE-2021-43138 page	https://www.suse.com/security/cve/CVE-2021-43138/
CVE	SUSE CVE CVE-2021-43798 page	https://www.suse.com/security/cve/CVE-2021-43798/
CVE	SUSE CVE CVE-2021-43813 page	https://www.suse.com/security/cve/CVE-2021-43813/
CVE	SUSE CVE CVE-2021-43815 page	https://www.suse.com/security/cve/CVE-2021-43815/
CVE	SUSE CVE CVE-2022-0155 page	https://www.suse.com/security/cve/CVE-2022-0155/
CVE	SUSE CVE CVE-2022-21673 page	https://www.suse.com/security/cve/CVE-2022-21673/
CVE	SUSE CVE CVE-2022-21698 page	https://www.suse.com/security/cve/CVE-2022-21698/
CVE	SUSE CVE CVE-2022-21702 page	https://www.suse.com/security/cve/CVE-2022-21702/
CVE	SUSE CVE CVE-2022-21703 page	https://www.suse.com/security/cve/CVE-2022-21703/
CVE	SUSE CVE CVE-2022-21713 page	https://www.suse.com/security/cve/CVE-2022-21713/
CVE	SUSE CVE CVE-2022-23552 page	https://www.suse.com/security/cve/CVE-2022-23552/
CVE	SUSE CVE CVE-2022-27191 page	https://www.suse.com/security/cve/CVE-2022-27191/
CVE	SUSE CVE CVE-2022-27664 page	https://www.suse.com/security/cve/CVE-2022-27664/
CVE	SUSE CVE CVE-2022-29170 page	https://www.suse.com/security/cve/CVE-2022-29170/
CVE	SUSE CVE CVE-2022-31097 page	https://www.suse.com/security/cve/CVE-2022-31097/
CVE	SUSE CVE CVE-2022-31107 page	https://www.suse.com/security/cve/CVE-2022-31107/
CVE	SUSE CVE CVE-2022-31123 page	https://www.suse.com/security/cve/CVE-2022-31123/
CVE	SUSE CVE CVE-2022-31130 page	https://www.suse.com/security/cve/CVE-2022-31130/
CVE	SUSE CVE CVE-2022-32149 page	https://www.suse.com/security/cve/CVE-2022-32149/
CVE	SUSE CVE CVE-2022-35957 page	https://www.suse.com/security/cve/CVE-2022-35957/
CVE	SUSE CVE CVE-2022-36062 page	https://www.suse.com/security/cve/CVE-2022-36062/
CVE	SUSE CVE CVE-2022-39201 page	https://www.suse.com/security/cve/CVE-2022-39201/
CVE	SUSE CVE CVE-2022-39229 page	https://www.suse.com/security/cve/CVE-2022-39229/
CVE	SUSE CVE CVE-2022-39306 page	https://www.suse.com/security/cve/CVE-2022-39306/
CVE	SUSE CVE CVE-2022-39307 page	https://www.suse.com/security/cve/CVE-2022-39307/
CVE	SUSE CVE CVE-2022-39324 page	https://www.suse.com/security/cve/CVE-2022-39324/
CVE	SUSE CVE CVE-2022-41715 page	https://www.suse.com/security/cve/CVE-2022-41715/
CVE	SUSE CVE CVE-2022-41723 page	https://www.suse.com/security/cve/CVE-2022-41723/
CVE	SUSE CVE CVE-2022-46146 page	https://www.suse.com/security/cve/CVE-2022-46146/
CVE	SUSE CVE CVE-2023-0507 page	https://www.suse.com/security/cve/CVE-2023-0507/
CVE	SUSE CVE CVE-2023-0594 page	https://www.suse.com/security/cve/CVE-2023-0594/
CVE	SUSE CVE CVE-2023-1387 page	https://www.suse.com/security/cve/CVE-2023-1387/
CVE	SUSE CVE CVE-2023-1410 page	https://www.suse.com/security/cve/CVE-2023-1410/
CVE	SUSE CVE CVE-2023-2183 page	https://www.suse.com/security/cve/CVE-2023-2183/
CVE	SUSE CVE CVE-2023-2801 page	https://www.suse.com/security/cve/CVE-2023-2801/
CVE	SUSE CVE CVE-2023-3128 page	https://www.suse.com/security/cve/CVE-2023-3128/
CVE	SUSE CVE CVE-2023-40577 page	https://www.suse.com/security/cve/CVE-2023-40577/

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date