| Description: | Summary:
The remote host is missing an update for the 'firewalld, golang-github-prometheus-prometheus' package(s) announced via the SUSE-SU-2022:1435-1 advisory.
Vulnerability Insight:
This update for firewalld, golang-github-prometheus-prometheus fixes the following issues:
Security fixes for golang-github-prometheus-prometheus:
CVE-2022-21698: Denial of Service through unbounded cardinality, and
potential memory exhaustion, when handling requests with non-standard
HTTP methods (bsc#1196338).
Other non security changes for golang-github-prometheus-prometheus:
Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15,
15-SP1 and 15-SP2, and require `firewalld`.
Only recommends `firewalld-prometheus-config` as prometheus does not
require it to run.
Create `firewalld-prometheus-config` subpackage (bsc#1197042,
jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375)
Other non security changes for firewalld:
Provide dummy `firewalld-prometheus-config` package (bsc#1197042)
Affected Software/OS:
'firewalld, golang-github-prometheus-prometheus' package(s) on SUSE Enterprise Storage 6, SUSE Linux Enterprise Micro 5.1, SUSE Linux Enterprise Micro 5.2, SUSE Linux Enterprise Module for Basesystem 15-SP3, SUSE Linux Enterprise Module for Desktop Applications 15-SP3, SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1, SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2, SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3.
Solution:
Please install the updated package(s).
CVSS Score:
5.0
CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
