File _patchinfo of Package patchinfo.23829
<patchinfo incident="23829">
<issue tracker="bnc" id="1197042">Package conflict with recent version of prometheus and firewalld</issue>
<issue tracker="bnc" id="1196338">VUL-0: CVE-2022-21698: rook,golang-github-prometheus-alertmanager,golang-github-prometheus-node_exporter,golang-github-prometheus-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter</issue>
<issue tracker="cve" id="2022-21698"/>
<issue tracker="jsc" id="SLE-24373"/>
<issue tracker="jsc" id="SLE-24375"/>
<issue tracker="jsc" id="SLE-24374"/>
<packager>jordimassaguerpla</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for firewalld, golang-github-prometheus-prometheus</summary>
<description>This update for firewalld, golang-github-prometheus-prometheus fixes the following issues:
Security fixes for golang-github-prometheus-prometheus:
- CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling
requests with non-standard HTTP methods (bsc#1196338).
Other non-security changes for golang-github-prometheus-prometheus:
- Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`.
- Only recommend `firewalld-prometheus-config`, as prometheus does not require it to run.
- Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375)
Other non-security changes for firewalld:
- Provide dummy `firewalld-prometheus-config` package (bsc#1197042)
</description>
</patchinfo>