{"affected":[{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.3.0-150000.3.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-ESPOS","name":"golang-github-prometheus-node_exporter","purl":"pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.0-150000.3.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.3.0-150000.3.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise High Performance Computing 15-LTSS","name":"golang-github-prometheus-node_exporter","purl":"pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.0-150000.3.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.3.0-150000.3.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 15-LTSS","name":"golang-github-prometheus-node_exporter","purl":"pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.0-150000.3.12.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.3.0-150000.3.12.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15","name":"golang-github-prometheus-node_exporter","purl":"pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.3.0-150000.3.12.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for golang-github-prometheus-node_exporter fixes the following issues:\n\n- CVE-2022-21698: Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)\n\n- Update to 1.3.0\n  * [CHANGE] Add path label to rapl collector #2146\n  * [CHANGE] Exclude filesystems under /run/credentials #2157\n  * [CHANGE] Add TCPTimeouts to netstat default filter #2189\n  * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771\n  * [FEATURE] Add darwin powersupply collector #1777\n  * [FEATURE] Add support for monitoring GPUs on Linux #1998\n  * [FEATURE] Add Darwin thermal collector #2032\n  * [FEATURE] Add os release collector #2094\n  * [FEATURE] Add netdev.address-info collector #2105\n  * [FEATURE] Add clocksource metrics to time collector #2197\n  * [ENHANCEMENT] Support glob textfile collector directories #1985\n  * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080\n  * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165\n  * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123\n  * [ENHANCEMENT] Add DMI collector #2131\n  * [ENHANCEMENT] Add threads metrics to processes collector #2164\n  * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector #2169\n  * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189\n  * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208\n  * [BUGFIX] ethtool: Sanitize metric names #2093\n  * [BUGFIX] Fix ethtool collector for multiple interfaces #2126\n  * [BUGFIX] Fix possible panic on macOS #2133\n  * [BUGFIX] Collect flag_info and bug_info only for one core #2156\n  * [BUGFIX] Prevent duplicate ethtool metric names #2187\n\n- Update to 1.2.2\n  * Bug fixes\n     Fix processes collector long int parsing #2112\n\n- Update to 1.2.1\n  * Removed\n     Remove obsolete capture permission denied error patch that was already included upstream.\n  * Bug fixes\n     Fix zoneinfo parsing prometheus/procfs#386\n     Fix nvme collector log noise #2091\n     Fix rapl collector log noise #2092\n\n- Update to 1.2.0\n  * Changes\n     Rename filesystem collector flags to match other collectors #2012\n     Make node_exporter print usage to STDOUT #203\n  * Features\n     Add conntrack statistics metrics #1155\n     Add ethtool stats collector #1832\n     Add flag to ignore network speed if it is unknown #1989\n     Add tapestats collector for Linux #2044\n     Add nvme collector #2062\n  * Enhancements\n     Add ErrorLog plumbing to promhttp #1887\n     Add more Infiniband counters #2019\n     netclass: retrieve interface names and filter before parsing #2033\n     Add time zone offset metric #2060\n  * Bug fixes\n     Handle errors from disabled PSI subsystem #1983\n     Fix panic when using backwards compatible flags #2000\n     Fix wrong value for OpenBSD memory buffer cache #2015\n     Only initiate collectors once #2048\n     Handle small backwards jumps in CPU idle #2067\n\n- Capture permission denied error for 'energy_uj' file (bsc#1190535)\n\n- Update to 1.1.2\n  * Bug fixes\n    + Handle errors from disabled PSI subsystem #1983\n    + Sanitize strings from /sys/class/power_supply #1984\n    + Silence missing netclass errors #1986\n\n- Trim old specfile constructs\n\n- Migrate to obs_scm\n- Migrate to go_modules\n- Update to 1.1.1\n  * Bug fixes\n    + Fix ineffassign issue #1957\n    + Fix some noisy log lines #1962\n- Update to 1.1.0\n  * Changes\n    + Improve filter flag names #1743\n    + Add btrfs and powersupplyclass to list of exporters enabled by default #1897\n  * Features\n    + Add fibre channel collector #1786\n    + Expose cpu bugs and flags as info metrics. #1788\n    + Add network_route collector #1811\n    + Add zoneinfo collector #1922\n  * Enhancements\n    + Add more InfiniBand counters #1694\n    + Add flag to aggr ipvs metrics to avoid high cardinality metrics #1709    \n    + Adding backlog/current queue length to qdisc collector #1732    \n    + Include TCP OutRsts in netstat metrics #1733    \n    + Add pool size to entropy collector #1753    \n    + Remove CGO dependencies for OpenBSD amd64 #1774    \n    + bcache: add writeback_rate_debug stats #1658    \n    + Add check state for mdadm arrays via node_md_state metric #1810    \n    + Expose XFS inode statistics #1870    \n    + Expose zfs zpool state #1878    \n    + Added an ability to pass collector.supervisord.url via SUPERVISORD_URL environment variable #1947\n  * Bug fixes\n    + filesystem_freebsd: Fix label values #1728\n    + Fix various procfs parsing errors #1735\n    + Handle no data from powersupplyclass #1747\n    + udp_queues_linux.go: change upd to udp in two error strings #1769\n    + Fix node_scrape_collector_success behaviour #1816\n    + Fix NodeRAIDDegraded to not use a string rule expressions #1827\n    + Fix node_md_disks state label from fail to failed #1862\n    + Handle EPERM for syscall in timex collector #1938\n    + bcache: fix typo in a metric name #1943\n    + Fix XFS read/write stats (https://github.com/prometheus/procfs/pull/343)\n\n- Do not include sources (bsc#1151558)\n- Remove rc symlink\n","id":"SUSE-SU-2022:2137-1","modified":"2022-06-20T12:47:07Z","published":"2022-06-20T12:47:07Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20222137-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1151558"},{"type":"REPORT","url":"https://bugzilla.suse.com/1190535"},{"type":"REPORT","url":"https://bugzilla.suse.com/1196338"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-21698"}],"related":["CVE-2022-21698"],"summary":"Security update for golang-github-prometheus-node_exporter","upstream":["CVE-2022-21698"]}