Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP5:GA
patchinfo.32221
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.32221
<patchinfo incident="32221"> <issue tracker="ijsc" id="MSQA-719"/> <issue tracker="bnc" id="1192154">VUL-0: CVE-2021-3807: nodejs12,nodejs4,nodejs6,nodejs8,nodejs10,nodejs14: node-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes</issue> <issue tracker="bnc" id="1192696">VUL-0: CVE-2021-3918: nodejs14, nodejs10, nodejs12, nodejs8: json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')</issue> <issue tracker="bnc" id="1193492">VUL-0: CVE-2021-43798: grafana: arbitrary file read in the graph native plugin</issue> <issue tracker="bnc" id="1193686">VUL-1: CVE-2021-43815: grafana: directory traversal for .csv files</issue> <issue tracker="bnc" id="1200480">VUL-0: CVE-2021-43138: spacewalk-web: a malicious user can obtain privileges via the mapValues() method</issue> <issue tracker="bnc" id="1204023">VUL-0: CVE-2022-41715: go1.18,go1.19: regexp/syntax: limit memory used by parsing regexps</issue> <issue tracker="bnc" id="1218838">VUL-0: CVE-2023-40577: golang-github-prometheus-alertmanager: prometheus-alertmanager: UI is vulnerable to stored XSS via the /api/v1/alerts endpoint</issue> <issue tracker="bnc" id="1218843">VUL-0: CVE-2020-7753: grafana: nodejs-trim: Regular Expression Denial of Service (ReDoS) in trim function</issue> <issue tracker="bnc" id="1218844">VUL-0: CVE-2022-0155: grafana: follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor</issue> <issue tracker="jsc" id="PED-7353"/> <issue tracker="cve" id="2023-40577"/> <issue tracker="cve" id="2022-41715"/> <issue tracker="cve" id="2020-7753"/> <issue tracker="cve" id="2021-3807"/> <issue tracker="cve" id="2021-3918"/> <issue tracker="cve" id="2021-43138"/> <issue tracker="cve" id="2022-0155"/> <issue tracker="cve" id="2021-43815"/> <issue tracker="cve" id="2021-43798"/> <packager>raulosuna</packager> <rating>moderate</rating> <category>security</category> <summary>Security update for SUSE Manager Client Tools</summary> <description> This update fixes the following issues: golang-github-lusitaniae-apache_exporter: - Do not strip if SUSE Linux Enterprise 15 SP3 - Exclude debug for Red Hat Enterprise Linux >= 8 - Build with Go >= 1.20 when the OS is not Red Hat Enterprise Linux golang-github-prometheus-alertmanager: - Create position independent executables (PIE) - Add System/Monitoring group tag - Update to version 0.26.0 (jsc#PED-7353): https://github.com/prometheus/alertmanager/releases/tag/v0.26.0 * CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the Alertmanager UI (bsc#1218838) * Configuration: Fix empty list of receivers and inhibit_rules would cause the alertmanager to crash * Templating: Fixed a race condition when using the title function. It is now race-safe * API: Fixed duplicate receiver names in the api/v2/receivers API endpoint * API: Attempting to delete a silence now returns the correct status code, 404 instead of 500 * Clustering: Fixes a panic when tls_client_config is empty * Webhook: url is now marked as a secret. It will no longer show up in the logs as clear-text * Metrics: New label reason for alertmanager_notifications_failed_total metric to indicate the type of error of the alert delivery * Clustering: New flag --cluster.label, to help to block any traffic that is not meant for the cluster * Integrations: Add Microsoft Teams as a supported integration - Update to version 0.25.0: https://github.com/prometheus/alertmanager/releases/tag/v0.25.0 * Fail configuration loading if api_key and api_key_file are defined at the same time * Fix the alertmanager_alerts metric to avoid counting resolved alerts as active. Also added a new alertmanager_marked_alerts metric that retain the old behavior * Trim contents of Slack API URLs when reading from files * amtool: Avoid panic when the label value matcher is empty * Fail configuration loading if api_url is empty for OpsGenie * Fix email template for resolved notifications * Add proxy_url support for OAuth2 in HTTP client configuration * Reload TLS certificate and key from disk when updated * Add Discord integration * Add Webex integration * Add min_version support to select the minimum TLS version in HTTP client configuration * Add max_version support to select the maximum TLS version in * Emit warning logs when truncating messages in notifications * Support HEAD method for the /-/healty and /-/ready endpoints * Add support for reading global and local SMTP passwords from files * UI: Add 'Link' button to alerts in list * UI: Allow to choose the first day of the week as Sunday or Monday - Update to version 0.24.0: https://github.com/prometheus/alertmanager/releases/tag/v0.24.0 * Fix HTTP client configuration for the SNS receiver * Fix unclosed file descriptor after reading the silences snapshot file * Fix field names for mute_time_intervals in JSON marshaling * Ensure that the root route doesn't have any matchers * Truncate the message's title to 1024 chars to avoid hitting Slack limits * Fix the default HTML email template (email.default.html) to match with the canonical source * Detect SNS FIFO topic based on the rendered value * Avoid deleting and recreating a silence when an update is possible * api/v2: Return 200 OK when deleting an expired silence * amtool: Fix the silence's end date when adding a silence. The end date is (start date + duration) while it used to be (current time + duration). The new behavior is consistent with the update operation * Add the /api/v2 prefix to all endpoints in the OpenAPI specification and generated client code * Add --cluster.tls-config experimental flag to secure cluster traffic via mutual TLS * Add Telegram integration mgr-daemon: - Version 4.3.8-1 * Update translation strings prometheus-postgres_exporter: - Remove duplicated call to systemd requirements - Do not build debug if Red Hat Enterprise Linux >= 8 - Do not strip if SUSE Linux Enterprise 15 SP3 - Build at least with with Go >= 1.18 on Red Hat Enterprise Linux - Build with Go >= 1.20 elsewhere spacecmd: - Version 4.3.26-1 * Update translation strings spacewalk-client-tools: - Version 4.3.18-1 * Update translation strings </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor