File _patchinfo of Package patchinfo.20518
<patchinfo incident="20518">
<rating>moderate</rating>
<packager>juliogonzalezgil</packager>
<category>security</category>
<summary>Security update for SUSE Manager Client Tools</summary>
<description>
This update fixes the following issues:
ansible:
- The support level for ansible is l2, not l3
dracut-saltboot:
- Force installation of libexpat.so.1 (bsc#1188846)
- Use kernel parameters from PXE formula also for local boot
golang-github-prometheus-prometheus:
- Provide and reload firewalld configuration only for:
+ openSUSE Leap 15.0, 15.1, 15.2
+ SUSE Linux Enterprise 15, 15 SP1, 15 SP2
- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
+ Bugfix:
* SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)
* UI: Provide errors instead of blank page on TSDB Status Page. #8654 #8659
* TSDB: Do not panic when writing very large records to the WAL. #8790
* TSDB: Avoid panic when mmaped memory is referenced after the file is closed. #8723
* Scaleway Discovery: Fix nil pointer dereference. #8737
* Consul Discovery: Restart no longer required after config update with no targets. #8766
+ Features:
* Promtool: Retroactive rule evaluation functionality.
* Configuration: Environment variable expansion for external labels.
Behind '--enable-feature=expand-external-labels' flag.
* Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for
small Prometheus instances.
* UI: Add a dark theme.
* AWS Lightsail Discovery: Add AWS Lightsail Discovery.
* Docker Discovery: Add Docker Service Discovery.
* OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
* Remote Write: Send exemplars via remote write. Experimental and disabled by default.
+ Enhancements:
* Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
* Scaleway Discovery: Read Scaleway secret from a file.
* Scrape: Add configurable limits for label size and count.
* UI: Add 16w and 26w time range steps.
* Templating: Enable parsing strings in humanize functions.
- Update package with changes from `server:monitoring` (bsc#1175478)
Left out removal of 'firewalld' related configuration files as SUSE Linux Enterprise 15-SP1's
`firewalld` package does not contain 'prometheus' configuration yet.
mgr-cfg:
- No visible impact for the user
mgr-custom-info:
- No visible impact for the user
mgr-osad:
- No visible impact for the user
mgr-push:
- No visible impact for the user
mgr-virtualization:
- No visible impact for the user
rhnlib:
- No visible impact for the user
spacecmd:
- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions (bsc#1186581)
- Parse empty argument when nothing in between the separator
spacewalk-client-tools:
- Update translation strings
spacewalk-koan:
- Fix for spacewalk-koan tests after switching to the new
Docker images
spacewalk-oscap:
- No visible impact for the user
suseRegisterInfo:
- No visible impact for the user
uyuni-common-libs:
- Handle broken RPM packages to prevent exceptions
causing fails on repository synchronization (bsc#1186650)
- Maintainer field in debian packages are only recommended (bsc#1186508)
</description>
<issue tracker="bnc" id="1175478">golang-github-prometheus-prometheus fails to build in Devel 6.0</issue>
<issue tracker="bnc" id="1186508">reposync can't sync deb packages without Maintainer</issue>
<issue tracker="bnc" id="1186581">when creating a distribution via spacecmd sles cannot be selected as distro type</issue>
<issue tracker="bnc" id="1186650">custom channel "centos7-influxdb-rhel-7-server-stable-x86_64" sync error</issue>
<issue tracker="cve" id="2021-29622"/>
<issue tracker="cve" id="2021-28146"/>
<issue tracker="cve" id="2021-28147"/>
<issue tracker="cve" id="2021-28148"/>
<issue tracker="cve" id="2021-27962"/>
<issue tracker="bnc" id="1186242">VUL-0: CVE-2021-29622: golang-github-prometheus-prometheus: Open Redirect security issue</issue>
<issue tracker="jsc" id="SLE-18254"/>
<issue tracker="bnc" id="1188846">PXE boot retail terminal doesn't boot</issue>
</patchinfo>
