SUSE-SU-2025:01990-1

See a problem?
Please try reporting it to the source first.
Source
https://www.suse.com/support/update/announcement/2025/suse-su-202501990-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01990-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:01990-1
Related
Published
2025-06-18T02:11:49Z
Modified
2025-06-18T12:59:26.553155Z
Upstream
Summary
Security update for golang-github-prometheus-prometheus
Details

This update for golang-github-prometheus-prometheus fixes the following issues:

  • Security issues fixed:

    • CVE-2023-45288: Require Go >= 1.23 for building (bsc#1236516)
    • CVE-2025-22870: Bump golang.org/x/net to version 0.39.0 (bsc#1238686)

  • Version was updated to 2.53.4 with the following bug fixes:

    • Runtime: fix GOGC is being set to 0 when installed with empty prometheus.yml file resulting high cpu usage
    • Scrape: fix dropping valid metrics after previous scrape failed
References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / golang-github-prometheus-prometheus

Package

Name
golang-github-prometheus-prometheus
Purl
pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.53.4-150100.4.26.2

Ecosystem specific 

{
    "binaries": [
        {
            "golang-github-prometheus-prometheus": "2.53.4-150100.4.26.2"
        }
    ]
}

SUSE:Linux Enterprise Module for Package Hub 15 SP7 / golang-github-prometheus-prometheus

Package

Name
golang-github-prometheus-prometheus
Purl
pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.53.4-150100.4.26.2

Ecosystem specific 

{
    "binaries": [
        {
            "golang-github-prometheus-prometheus": "2.53.4-150100.4.26.2"
        }
    ]
}

SUSE:Manager Proxy Module 4.3 / golang-github-prometheus-prometheus

Package

Name
golang-github-prometheus-prometheus
Purl
pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Proxy%20Module%204.3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.53.4-150100.4.26.2

Ecosystem specific 

{
    "binaries": [
        {
            "golang-github-prometheus-prometheus": "2.53.4-150100.4.26.2"
        }
    ]
}

openSUSE:Leap 15.6 / golang-github-prometheus-prometheus

Package

Name
golang-github-prometheus-prometheus
Purl
pkg:rpm/opensuse/golang-github-prometheus-prometheus&distro=openSUSE%20Leap%2015.6

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.53.4-150100.4.26.2

Ecosystem specific 

{
    "binaries": [
        {
            "firewalld-prometheus-config": "0.1-150100.4.26.2",
            "golang-github-prometheus-prometheus": "2.53.4-150100.4.26.2"
        }
    ]
}