SUSE-SU-2022:1545-1

This update fixes the following issues:

golang-github-prometheus-alertmanager:

• CVE-2022-21698: Denial of service using InstrumentHandlerCounter
  • Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
• Update to version 0.23.0:
  • amtool: Detect version drift and warn users (#2672)
  • Add ability to skip TLS verification for amtool (#2663)
  • Fix empty isEqual in amtool. (#2668)
  • Fix main tests (#2670)
  • cli: add new template render command (#2538)
  • OpsGenie: refer to alert instead of incident (#2609)
  • Docs: targetmatch and sourcematch are DEPRECATED (#2665)
  • Fix test not waiting for cluster member to be ready
• Added hardening to systemd service(s) (bsc#1181400).

golang-github-prometheus-prometheus:

• Build firewalld-prometheus-config only for SUSE Linux Enterprise 15, 15.1 and 15.2, and require firewalld for it
• Firewalld-prometheus-config needs to be a Recommends, not a Requires, as prometheus does not require it to run
• Create firewalld-prometheus-config subpackage (bsc#1197042)
• CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
  • Update vendor tarball with prometheus/client_golang 1.12.1 (bsc#1196338)

mgr-cfg:

• Version 4.3.6-1
  • Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579)

mgr-osad:

• Version 4.3.6-1
  • Fix the condition for preventing building python 2 subpackage for SLE15

mgr-push:

• Version 4.3.4-1
  • Fix the condition for preventing building python 2 subpackage for SLE15

mgr-virtualization:

• Version 4.3.5-1
  • Fix the condition for preventing building python 2 subpackage for SLE15

rhnlib:

• Version 4.3.4-1
  • Fix the condition for preventing building python 2 subpackage for SLE15

salt:

• Prevent data pollution between actions proceesed at the same time (bsc#1197637)
• Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533)
• Fixes for Python 3.10
• Fix salt-ssh opts poisoning (bsc#1197637)
• Fix multiple security issues for salt (bsc#1197417):
  • CVE-2022-22935: Sign authentication replies to prevent MiTM.
  • CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
  • CVE-2022-22936: Prevent job and fileserver replays.
  • CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.

spacecmd:

• Version 4.3.10-1
  • parse boolean parameters correctly (bsc#1197689)
  • Add parameter to set containerized proxy SSH port

spacewalk-client-tools:

• Version 4.3.9-1
  • Fix the condition for preventing building python 2 subpackage for SLE15

spacewalk-koan:

• Version 4.3.5-1
  • Fix the condition for preventing building python 2 subpackage for SLE15

spacewalk-oscap:

• Version 4.3.5-1
  • Fix the condition for preventing building python 2 subpackage for SLE15

suseRegisterInfo:

• Version 4.3.3-1
  • Fix the condition for preventing building python 2 subpackage for SLE15

uyuni-common-libs:

• Version 4.3.4-1
  • implement more decompression algorithms for reposync (bsc#1196704)

uyuni-proxy-systemd-services:

• Version 4.3.2-1
  • Harmonize systemd services names and container names
  • Adapted to work on Enterprise Linux.
  • Add package to SLE and Client tools (jsc#SLE-24145)