SUSE-SU-2023:2187-1

Опубликовано: 11 мая 2023

Источник: suse-cvrf

Описание

Security update for Prometheus Golang clients

This update for golang-github-prometheus-alertmanager and golang-github-prometheus-node_exporter fixes the following issues:

golang-github-prometheus-alertmanager:

Security issues fixed:
- CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051)

golang-github-prometheus-node_exporter:

Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578):
- CVE-2022-27191: Update go/x/crypto (bsc#1197284)
- CVE-2022-27664: Update go/x/net (bsc#1203185)
- CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578):
- NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with high numbers of CPUs/CPU threads.
- [BUGFIX] Fix hwmon label sanitizer
- [BUGFIX] Use native endianness when encoding InetDiagMsg
- [BUGFIX] Fix btrfs device stats always being zero
- [BUGFIX] Fix diskstats exclude flags
- [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning
- [BUGFIX] Fix concurrency issue in ethtool collector
- [BUGFIX] Fix concurrency issue in netdev collector
- [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes
- [BUGFIX] Fix iostat on macos broken by deprecation warning
- [BUGFIX] Fix NodeFileDescriptorLimit alerts
- [BUGFIX] Sanitize rapl zone names
- [BUGFIX] Add file descriptor close safely in test
- [BUGFIX] Fix race condition in os_release.go
- [BUGFIX] Skip ZFS IO metrics if their paths are missing
- [BUGFIX] Handle nil CPU thermal power status on M1
- [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE
- [BUGFIX] Sanitize UTF-8 in dmi collector
- [CHANGE] Merge metrics descriptions in textfile collector
- [FEATURE] Add multiple listeners and systemd socket listener activation
- [FEATURE] [node-mixin] Add darwin dashboard to mixin
- [FEATURE] Add 'isolated' metric on cpu collector on linux
- [FEATURE] Add cgroup summary collector
- [FEATURE] Add selinux collector
- [FEATURE] Add slab info collector
- [FEATURE] Add sysctl collector
- [FEATURE] Also track the CPU Spin time for OpenBSD systems
- [FEATURE] Add support for MacOS version
- [ENHANCEMENT] Add RTNL version of netclass collector
- [ENHANCEMENT] [node-mixin] Add missing selectors
- [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default
- [ENHANCEMENT] [node-mixin] Change disk graph to disk table
- [ENHANCEMENT] [node-mixin] Change io time units to %util
- [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd
- [ENHANCEMENT] Add additional vm_stat memory metrics for darwin
- [ENHANCEMENT] Add device filter flags to arp collector
- [ENHANCEMENT] Add diskstats include and exclude device flags
- [ENHANCEMENT] Add node_softirqs_total metric
- [ENHANCEMENT] Add rapl zone name label option
- [ENHANCEMENT] Add slabinfo collector
- [ENHANCEMENT] Allow user to select port on NTP server to query
- [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev
- [ENHANCEMENT] Enable builds against older macOS SDK
- [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name
- [ENHANCEMENT] systemd: Expose systemd minor version
- [ENHANCEMENT] Use netlink for tcpstat collector
- [ENHANCEMENT] Use netlink to get netdev stats
- [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles
- [ENHANCEMENT] Add btrfs device error stats
Change build requirement to go1.18 or higher (previously this was fixed to version 1.14)