{"affected":[{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.5.0-1.6.1","golang-packaging":"15.0.16-1.3.2","prometheus-postgres_exporter":"0.10.1-1.6.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"golang-github-prometheus-node_exporter","purl":"pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.5.0-1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.5.0-1.6.1","golang-packaging":"15.0.16-1.3.2","prometheus-postgres_exporter":"0.10.1-1.6.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"golang-packaging","purl":"pkg:rpm/suse/golang-packaging&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"15.0.16-1.3.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.5.0-1.6.1","golang-packaging":"15.0.16-1.3.2","prometheus-postgres_exporter":"0.10.1-1.6.2"}]},"package":{"ecosystem":"SUSE:EL-9:Update:Products:ManagerTools:Update","name":"prometheus-postgres_exporter","purl":"pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE:EL-9:Update:Products:ManagerTools:Update"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.1-1.6.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.5.0-1.6.1","prometheus-postgres_exporter":"0.10.1-1.6.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS","name":"golang-github-prometheus-node_exporter","purl":"pkg:rpm/suse/golang-github-prometheus-node_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.5.0-1.6.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-node_exporter":"1.5.0-1.6.1","prometheus-postgres_exporter":"0.10.1-1.6.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools for RHEL, Liberty and Clones 9-CLIENT-TOOLS","name":"prometheus-postgres_exporter","purl":"pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%20for%20RHEL,%20Liberty%20and%20Clones%209-CLIENT-TOOLS"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.1-1.6.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update fixes the following issues:\n\nprometheus-postgres_exporter:\n\n- Security issues fixed:\n  * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060)\n- Other non-security issues fixed:    \n  * Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and\n    clones\n  * Add hardening to systemd service(s) (bsc#1181400)\n  * Create the prometheus user for Red Hat Linux Enterprise systems and clones\n  * Fix broken log-level for values other than debug (bsc#1208965)\n\ngolang-github-prometheus-node_exporter:\n\n- Security issues fixed in this version upgrade to 1.5.0:\n  * CVE-2022-27191: Update go/x/crypto (bsc#1197284)\n  * CVE-2022-27664: Update go/x/net (bsc#1203185)\n  * CVE-2022-46146: Update exporter-toolkit (bsc#1208064)\n- Other non-security bug fixes and changes in this version update to 1.5.0:\n  * NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU\n    thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with\n    high numbers of CPUs/CPU threads.\n  * [CHANGE] Default GOMAXPROCS to 1\n  * [CHANGE] Merge metrics descriptions in textfile collector\n  * [BUGFIX] Fix hwmon label sanitizer\n  * [BUGFIX] Use native endianness when encoding InetDiagMsg\n  * [BUGFIX] Fix btrfs device stats always being zero\n  * [BUGFIX] Fix diskstats exclude flags\n  * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and\n    fsSpaceAvailableWarning\n  * [BUGFIX] Fix concurrency issue in ethtool collector\n  * [BUGFIX] Fix concurrency issue in netdev collector\n  * [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes\n  * [BUGFIX] Fix iostat on macos broken by deprecation warning\n  * [BUGFIX] Fix NodeFileDescriptorLimit alerts\n  * [BUGFIX] Sanitize rapl zone names\n  * [BUGFIX] Add file descriptor close safely in test\n  * [BUGFIX] Fix race condition in os_release.go\n  * [BUGFIX] Skip ZFS IO metrics if their paths are missing\n  * [FEATURE] Add multiple listeners and systemd socket listener activation\n  * [FEATURE] [node-mixin] Add darwin dashboard to mixin\n  * [FEATURE] Add 'isolated' metric on cpu collector on linux\n  * [FEATURE] Add cgroup summary collector\n  * [FEATURE] Add selinux collector\n  * [FEATURE] Add slab info collector\n  * [FEATURE] Add sysctl collector\n  * [FEATURE] Also track the CPU Spin time for OpenBSD systems\n  * [FEATURE] Add support for MacOS version\n  * [ENHANCEMENT] Add RTNL version of netclass collector\n  * [ENHANCEMENT] [node-mixin] Add missing selectors \n  * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default\n  * [ENHANCEMENT] [node-mixin] Change disk graph to disk table\n  * [ENHANCEMENT] [node-mixin] Change io time units to %util\n  * [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd\n  * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin\n  * [ENHANCEMENT] Add device filter flags to arp collector\n  * [ENHANCEMENT] Add diskstats include and exclude device flags\n  * [ENHANCEMENT] Add node_softirqs_total metric\n  * [ENHANCEMENT] Add rapl zone name label option\n  * [ENHANCEMENT] Add slabinfo collector\n  * [ENHANCEMENT] Allow user to select port on NTP server to query\n  * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev\n  * [ENHANCEMENT] Enable builds against older macOS SDK \n  * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name\n  * [ENHANCEMENT] systemd: Expose systemd minor version\n  * [ENHANCEMENT] Use netlink for tcpstat collector\n  * [ENHANCEMENT] Use netlink to get netdev stats\n  * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend cycles \n  * [ENHANCEMENT] Add btrfs device error stats\n","id":"SUSE-SU-2023:2185-1","modified":"2023-05-11T16:54:45Z","published":"2023-05-11T16:54:45Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20232185-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181400"},{"type":"REPORT","url":"https://bugzilla.suse.com/1197284"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203185"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208060"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208064"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208965"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-27191"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-27664"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-46146"}],"related":["CVE-2022-27191","CVE-2022-27664","CVE-2022-46146"],"summary":"Security update for SUSE Manager Client Tools","upstream":["CVE-2022-27191","CVE-2022-27664","CVE-2022-46146"]}