Описание
Security update for golang-github-prometheus-node_exporter
This update for golang-github-prometheus-node_exporter fixes the following issues:
golang-github-prometheus-node_exporter was updated to version 1.9.1:
-
Security issues fixed:
- CVE-2025-22870: Bumped golang.org/x/net to version 0.37.0 (bsc#1238686)
-
Other bugs fixed:
- pressure: Fixed missing IRQ on older kernels
- Fix Darwin memory leak
Список пакетов
Container suse/manager/5.0/x86_64/server:latest
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS
SUSE Linux Enterprise Module for Basesystem 15 SP6
SUSE Linux Enterprise Module for Basesystem 15 SP7
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP4-LTSS
SUSE Linux Enterprise Server 15 SP5-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP4
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Manager Client Tools for SLE Micro 5
SUSE Manager Proxy 4.3
SUSE Manager Server 4.3
openSUSE Leap 15.6
Ссылки
- Link for SUSE-SU-2025:01988-1
- E-Mail link for SUSE-SU-2025:01988-1
- SUSE Security Ratings
- SUSE Bug 1236516
- SUSE Bug 1238686
- SUSE CVE CVE-2023-45288 page
- SUSE CVE CVE-2025-22870 page
Описание
An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed MaxHeaderBytes, no memory is allocated to store the excess headers, but they are still parsed. This permits an attacker to cause an HTTP/2 endpoint to read arbitrary amounts of header data, all associated with a request which is going to be rejected. These headers can include Huffman-encoded data which is significantly more expensive for the receiver to decode than for an attacker to send. The fix sets a limit on the amount of excess header frames we will process before closing a connection.
Затронутые продукты
Ссылки
- CVE-2023-45288
- SUSE Bug 1221400
Описание
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied.
Затронутые продукты
Ссылки
- CVE-2025-22870
- SUSE Bug 1238572
- SUSE Bug 1238611