File _patchinfo of Package patchinfo.23829

<patchinfo incident="23829">
  <issue tracker="bnc" id="1197042">Package conflict with recent version of prometheus and firewalld</issue>
  <issue tracker="bnc" id="1196338">VUL-0: CVE-2022-21698: rook,golang-github-prometheus-alertmanager,golang-github-prometheus-node_exporter,golang-github-prometheus-prometheus: prometheus/client_golang: Denial of service using InstrumentHandlerCounter</issue>
  <issue tracker="cve" id="2022-21698"/>
  <issue tracker="jsc" id="SLE-24373"/>
  <issue tracker="jsc" id="SLE-24375"/>
  <issue tracker="jsc" id="SLE-24374"/>
  <packager>jordimassaguerpla</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for firewalld, golang-github-prometheus-prometheus</summary>
  <description>This update for firewalld, golang-github-prometheus-prometheus fixes the following issues:

Security fixes for golang-github-prometheus-prometheus:

- CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling 
  requests with non-standard HTTP methods (bsc#1196338).

Other non security changes for golang-github-prometheus-prometheus:

- Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`.
- Only recommends `firewalld-prometheus-config` as prometheus does not require it to run.
- Create `firewalld-prometheus-config` subpackage (bsc#1197042, jsc#SLE-24373, jsc#SLE-24374, jsc#SLE-24375)

Other non security changes for firewalld:
- Provide dummy `firewalld-prometheus-config` package (bsc#1197042)
</description>
</patchinfo>