[SUSE-SU-2024:0486-1] Security update for SUSE Manager Client Tools
Severity
Moderate
CVEs
9
Security update for SUSE Manager Client Tools
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Do not strip if SUSE Linux Enterprise 15 SP3
- Exclude debug for Red Hat Enterprise Linux >= 8
- Build with Go >= 1.20 when the OS is not Red Hat Enterprise Linux
golang-github-prometheus-alertmanager:
- Create position independent executables (PIE)
- Add System/Monitoring group tag
- Update to version 0.26.0 (jsc#PED-7353):
https://github.com/prometheus/alertmanager/releases/tag/v0.26.0
- CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838)
- Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash
- Templating: Fixed a race condition when using the title function. It is now race-safe
- API: Fixed duplicate receiver names in the api/v2/receivers API endpoint
- API: Attempting to delete a silence now returns the correct status code, 404 instead of 500
- Clustering: Fixes a panic when tls_client_config is empty
- Webhook: url is now marked as a secret. It will no longer show up in the logs as clear-text
- Metrics: New label reason for alertmanager_notifications_failed_total metric to indicate the type of error of the alert delivery
- Clustering: New flag --cluster.label, to help to block any traffic that is not meant for the cluster
- Integrations: Add Microsoft Teams as a supported integration
- Update to version 0.25.0:
https://github.com/prometheus/alertmanager/releases/tag/v0.25.0
- Fail configuration loading if api_key and api_key_file are defined at the same time
- Fix the alertmanager_alerts metric to avoid counting resolved alerts as active. Also added a new alertmanager_marked_alerts metric that retain the old behavior
- Trim contents of Slack API URLs when reading from files
- amtool: Avoid panic when the label value matcher is empty
- Fail configuration loading if api_url is empty for OpsGenie
- Fix email template for resolved notifications
- Add proxy_url support for OAuth2 in HTTP client configuration
- Reload TLS certificate and key from disk when updated
- Add Discord integration
- Add Webex integration
- Add min_version support to select the minimum TLS version in HTTP client configuration
- Add max_version support to select the maximum TLS version in
- Emit warning logs when truncating messages in notifications
- Support HEAD method for the /-/healty and /-/ready endpoints
- Add support for reading global and local SMTP passwords from files
- UI: Add 'Link' button to alerts in list
- UI: Allow to choose the first day of the week as Sunday or Monday
- Update to version 0.24.0:
https://github.com/prometheus/alertmanager/releases/tag/v0.24.0
- Fix HTTP client configuration for the SNS receiver
- Fix unclosed file descriptor after reading the silences snapshot file
- Fix field names for mute_time_intervals in JSON marshaling
- Ensure that the root route doesn't have any matchers
- Truncate the message's title to 1024 chars to avoid hitting Slack limits
- Fix the default HTML email template (email.default.html) to match with the canonical source
- Detect SNS FIFO topic based on the rendered value
- Avoid deleting and recreating a silence when an update is possible
- api/v2: Return 200 OK when deleting an expired silence
- amtool: Fix the silence's end date when adding a silence. The end date is (start date + duration) while it used to be (current time + duration). The new behavior is consistent with the update operation
- Add the /api/v2 prefix to all endpoints in the OpenAPI specification and generated client code
- Add --cluster.tls-config experimental flag to secure cluster traffic via mutual TLS
- Add Telegram integration
mgr-daemon:
- Version 4.3.8-1
- Update translation strings
prometheus-postgres_exporter:
- Remove duplicated call to systemd requirements
- Do not build debug if Red Hat Enterprise Linux >= 8
- Do not strip if SUSE Linux Enterprise 15 SP3
- Build at least with with Go >= 1.18 on Red Hat Enterprise Linux
- Build with Go >= 1.20 elsewhere
spacecmd:
- Version 4.3.26-1
- Update translation strings
spacewalk-client-tools:
- Version 4.3.18-1
- Update translation strings
- ID
- SUSE-SU-2024:0486-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2024/suse-su-20240486-1/
- Published
-
2024-02-15T13:35:33
(7 months ago) - Modified
-
2024-02-15T13:35:33
(7 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2022-1887
- ALAS2-2023-1913
- ALPINE:CVE-2021-43798
- ALPINE:CVE-2021-43815
- ALPINE:CVE-2022-41715
- ALPINE:CVE-2023-40577
- ALSA-2021:5171
- ALSA-2022:0350
- ALSA-2022:6595
- ALSA-2023:0328
- ALSA-2023:0446
- ALSA-2023:2167
- ALSA-2023:2204
- ALSA-2023:2357
- ALSA-2023:2780
- ALSA-2023:2784
- ALSA-2023:2866
- ALSA-2024:0121
- ALSA-2024:3254
- ASA-202112-11
- ELSA-2021-5171
- ELSA-2022-0350
- ELSA-2022-24267
- ELSA-2022-6449
- ELSA-2022-6595
- ELSA-2023-0328
- ELSA-2023-0446
- ELSA-2023-18908
- ELSA-2023-2167
- ELSA-2023-2204
- ELSA-2023-2357
- ELSA-2023-2592
- ELSA-2023-2780
- ELSA-2023-2784
- ELSA-2023-2866
- ELSA-2024-0121
- ELSA-2024-2988
- ELSA-2024-3254
- FEDORA-2022-0e313cc582
- FEDORA-2022-59a20edab2
- FEDORA-2023-18fd476362
- FEDORA-2023-2e38c3756f
- FEDORA-2023-86d75130fe
- FEDORA-2023-a4f0b29f6c
- FEDORA-2023-ce8943223c
- FREEBSD:854C2AFB-4424-11ED-AF97-ADCABF310F9B
- FREEBSD:C2A7DE31-5B42-11EC-8398-6C3BE5272ACD
- FREEBSD:E33880ED-5802-11EC-8398-6C3BE5272ACD
- GLSA-202311-09
- GO-2022-1039
- NPM:GHSA-74FJ-2J2H-C42Q
- NPM:GHSA-896R-F27R-55MW
- NPM:GHSA-93Q8-GQ69-WQMW
- NPM:GHSA-FWR7-V2MV-HH25
- NPM:GHSA-W5P7-H5W8-2HFQ
- openSUSE-SU-2022:0657-1
- openSUSE-SU-2022:0704-1
- openSUSE-SU-2022:0715-1
- RHEA-2022:5139
- RHSA-2021:5171
- RHSA-2022:0350
- RHSA-2022:6449
- RHSA-2022:6595
- RHSA-2023:0328
- RHSA-2023:0446
- RHSA-2023:2167
- RHSA-2023:2204
- RHSA-2023:2357
- RHSA-2023:2592
- RHSA-2023:2780
- RHSA-2023:2784
- RHSA-2023:2866
- RHSA-2024:0121
- RHSA-2024:2988
- RHSA-2024:3254
- RLEA-2022:5139
- RLSA-2021:5171
- RLSA-2022:0350
- RLSA-2022:6449
- RLSA-2023:0328
- RLSA-2023:0446
- SUSE-SU-2022:0531-1
- SUSE-SU-2022:0563-1
- SUSE-SU-2022:0569-1
- SUSE-SU-2022:0570-1
- SUSE-SU-2022:0657-1
- SUSE-SU-2022:0704-1
- SUSE-SU-2022:0715-1
- SUSE-SU-2022:0751-1
- SUSE-SU-2022:1396-1
- SUSE-SU-2022:1717-1
- SUSE-SU-2022:2134-1
- SUSE-SU-2022:3313-1
- SUSE-SU-2022:3314-1
- SUSE-SU-2022:3668-1
- SUSE-SU-2022:3669-1
- SUSE-SU-2022:3676-1
- SUSE-SU-2022:3761-1
- SUSE-SU-2022:4428-1
- SUSE-SU-2022:4437-1
- SUSE-SU-2022:4439-1
- SUSE-SU-2023:2182-1
- SUSE-SU-2023:2183-1
- SUSE-SU-2023:2312-1
- SUSE-SU-2023:2575-1
- SUSE-SU-2023:2578-1
- SUSE-SU-2023:2579-1
- SUSE-SU-2023:2598-1
- SUSE-SU-2024:0191-1
- SUSE-SU-2024:0196-1
- SUSE-SU-2024:0487-1
- SUSE-SU-2024:0512-1
- USN-6038-1
- USN-6103-1
- USN-6935-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |