| Description: | Summary:
The remote host is missing an update for the 'golang-github-prometheus-alertmanager'
package(s) announced via the SUSE-SU-2022:2139-1 advisory.
Vulnerability Insight:
This update for golang-github-prometheus-alertmanager fixes the following
issues:
Update golang-github-prometheus-alertmanager from version 0.21.0 to
version 0.23.0 (bsc#1196338, jsc#SLE-24077)
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter
- Update vendor tarball with prometheus/client_golang 1.11.1
- Update required Go version to 1.16
- Use %autosetup macro
- Update to version 0.23.0:
* Release 0.23.0
* Release 0.23.0-rc.0
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Add go_modules to _service.
- Added hardening to systemd service(s) with a modified
prometheus-alertmanager.service (bsc#1181400)
Affected Software/OS:
'golang-github-prometheus-alertmanager' package(s) on openSUSE Leap 15.3, openSUSE Leap 15.4.
Solution:
Please install the updated package(s).
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
