SUSE-SU-2022:2139-1

Source
https://www.suse.com/support/update/announcement/2022/suse-su-20222139-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2022:2139-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2022:2139-1
Related
Published
2022-06-20T12:56:16Z
Modified
2022-06-20T12:56:16Z
Summary
Security update for golang-github-prometheus-alertmanager
Details

This update for golang-github-prometheus-alertmanager fixes the following issues:

Update golang-github-prometheus-alertmanager from version 0.21.0 to version 0.23.0 (bsc#1196338, jsc#SLE-24077)

  • CVE-2022-21698: Denial of service using InstrumentHandlerCounter
  • Update vendor tarball with prometheus/client_golang 1.11.1
  • Update required Go version to 1.16
  • Use %autosetup macro
  • Update to version 0.23.0:
    • Release 0.23.0
    • Release 0.23.0-rc.0
    • amtool: Detect version drift and warn users (#2672)
    • Add ability to skip TLS verification for amtool (#2663)
    • Fix empty isEqual in amtool. (#2668)
    • Fix main tests (#2670)
    • cli: add new template render command (#2538)
    • OpsGenie: refer to alert instead of incident (#2609)
    • Docs: targetmatch and sourcematch are DEPRECATED (#2665)
    • Fix test not waiting for cluster member to be ready
  • Add go_modules to _service.
  • Added hardening to systemd service(s) with a modified prometheus-alertmanager.service (bsc#1181400)
References

Affected packages

SUSE:Manager Client Tools 15 / golang-github-prometheus-alertmanager

Package

Name
golang-github-prometheus-alertmanager
Purl
pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2015

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-150100.4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-alertmanager": "0.23.0-150100.4.7.1"
        }
    ]
}

SUSE:Manager Proxy Module 4.1 / golang-github-prometheus-alertmanager

Package

Name
golang-github-prometheus-alertmanager
Purl
pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Proxy%20Module%204.1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-150100.4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-alertmanager": "0.23.0-150100.4.7.1"
        }
    ]
}

SUSE:Manager Proxy Module 4.2 / golang-github-prometheus-alertmanager

Package

Name
golang-github-prometheus-alertmanager
Purl
pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Proxy%20Module%204.2

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-150100.4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-alertmanager": "0.23.0-150100.4.7.1"
        }
    ]
}

SUSE:Manager Proxy Module 4.3 / golang-github-prometheus-alertmanager

Package

Name
golang-github-prometheus-alertmanager
Purl
pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Proxy%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-150100.4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-alertmanager": "0.23.0-150100.4.7.1"
        }
    ]
}

SUSE:Enterprise Storage 6 / golang-github-prometheus-alertmanager

Package

Name
golang-github-prometheus-alertmanager
Purl
pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Enterprise%20Storage%206

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-150100.4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-alertmanager": "0.23.0-150100.4.7.1"
        }
    ]
}

openSUSE:Leap 15.3 / golang-github-prometheus-alertmanager

Package

Name
golang-github-prometheus-alertmanager
Purl
pkg:rpm/opensuse/golang-github-prometheus-alertmanager&distro=openSUSE%20Leap%2015.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-150100.4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-alertmanager": "0.23.0-150100.4.7.1"
        }
    ]
}

openSUSE:Leap 15.4 / golang-github-prometheus-alertmanager

Package

Name
golang-github-prometheus-alertmanager
Purl
pkg:rpm/opensuse/golang-github-prometheus-alertmanager&distro=openSUSE%20Leap%2015.4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.23.0-150100.4.7.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-alertmanager": "0.23.0-150100.4.7.1"
        }
    ]
}