Test ID:	1.3.6.1.4.1.25623.1.0.854755
Category:	SuSE Local Security Checks
Title:	openSUSE: Security Advisory for node_exporter (SUSE-SU-2022:2140-1)
Summary:	The remote host is missing an update for the 'node_exporter'; package(s) announced via the SUSE-SU-2022:2140-1 advisory.
Description:	Summary: The remote host is missing an update for the 'node_exporter' package(s) announced via the SUSE-SU-2022:2140-1 advisory. Vulnerability Insight: This security update for golang-github-prometheus-node_exporter provides: Update golang-github-prometheus-node_exporter from version 1.1.2 to version 1.3.0 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239) - CVE-2022-21698: Denial of service using InstrumentHandlerCounter - Update vendor tarball with prometheus/client_golang 1.11.1 - Update to 1.3.0 * [CHANGE] Add path label to rapl collector #2146 * [CHANGE] Exclude filesystems under /run/credentials #2157 * [CHANGE] Add TCPTimeouts to netstat default filter #2189 * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771 * [FEATURE] Add darwin powersupply collector #1777 * [FEATURE] Add support for monitoring GPUs on Linux #1998 * [FEATURE] Add Darwin thermal collector #2032 * [FEATURE] Add os release collector #2094 * [FEATURE] Add netdev.address-info collector #2105 * [FEATURE] Add clocksource metrics to time collector #2197 * [ENHANCEMENT] Support glob textfile collector directories #1985 * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080 * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165 * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123 * [ENHANCEMENT] Add DMI collector #2131 * [ENHANCEMENT] Add threads metrics to processes collector #2164 * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169 * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189 * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208 * [BUGFIX] ethtool: Sanitize metric names #2093 * [BUGFIX] Fix ethtool collector for multiple interfaces #2126 * [BUGFIX] Fix possible panic on macOS #2133 * [BUGFIX] Collect flag_info and bug_info only for one core #2156 * [BUGFIX] Prevent duplicate ethtool metric names #2187 - Update to 1.2.2 * Bug fixes Fix processes collector long int parsing #2112 - Update to 1.2.1 * Removed Remove obsolete capture permission denied error fix already included upstream * Bug fixes Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector log noise #2091 Fix rapl collector log noise #2092 - Update to 1.2.0 * Changes Rename filesystem collector flags to match other collectors #2012 Make node_exporter print usage to STDOUT #203 * Features Add conntrack statistics metrics #1155 Add ethtool stats collector #1832 Add flag to ignore network speed ... Description truncated. Please see the references for more information. Affected Software/OS: 'node_exporter' package(s) on openSUSE Leap 15.3, openSUSE Leap 15.4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2022-21698 https://github.com/prometheus/client_golang/security/advisories/GHSA-cg3q-j54f-5p7p https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5OGNAFVXSMTTT2UPH6CS3IH6L3KM42Q7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KDETHL5XCT6RZN2BBNOCEXRZ2W3SFU3/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IK53GWZ475OQ6ENABKMJMTOBZG6LXUR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DLUJZV3HBP56ADXU6QH2V7RNYUPMVBXQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FY3N7H6VSDZM37B4SKM2PFFCUWU7QYWN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SASRKYHT5ZFSVMJUQUG3UAEQRJYGJKAR/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKORFJTRRDJCWBTJPISKKCVMMMJBIRLG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RN7JGC2LVHPEGSJYODFUV5FEKPBVG4D7/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3L6GDN5S5QZSCFKWD3GKL2RDZQ6B4UWA/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HLAQRRGNSO5MYCPAXGPH2OCSHOGHSQMQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MH6ALXEQXIFQRQFNJ5Y2MJ5DFPIX76VN/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2PFW6Q2LXXWTFRTMTRN4ZGADFRQPKJ3D/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7V7I72LSQ3IET3QJR6QPAVGJZ4CBDLN5/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36GUEPA5TPSC57DZTPYPBL6T7UPQ2FRH/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J5WPM42UR6XIBQNQPNQHM32X7S4LJTRX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KBMVIQFKQDSSTHVVJWJ4QH6TW3JVB7XZ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AK7CJBCGERCRXYUR2EWDSSDVAQMTAZGX/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/ https://github.com/prometheus/client_golang/pull/962 https://github.com/prometheus/client_golang/pull/987 https://github.com/prometheus/client_golang/releases/tag/v1.11.1
Copyright	Copyright (C) 2022 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.