{"affected":[{"ecosystem_specific":{"binaries":[{"golang-github-lusitaniae-apache_exporter":"1.0.0-1.21.2","golang-github-prometheus-alertmanager":"0.26.0-1.24.2","golang-github-prometheus-prometheus":"2.45.0-1.50.2","grafana":"9.5.8-1.60.1","mgr-daemon":"4.3.8-1.44.2","prometheus-postgres_exporter":"0.10.1-1.17.2","python2-spacewalk-check":"4.3.18-52.95.2","python2-spacewalk-client-setup":"4.3.18-52.95.2","python2-spacewalk-client-tools":"4.3.18-52.95.2","spacecmd":"4.3.26-38.136.2","spacewalk-check":"4.3.18-52.95.2","spacewalk-client-setup":"4.3.18-52.95.2","spacewalk-client-tools":"4.3.18-52.95.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"golang-github-lusitaniae-apache_exporter","purl":"pkg:rpm/suse/golang-github-lusitaniae-apache_exporter&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.0.0-1.21.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-lusitaniae-apache_exporter":"1.0.0-1.21.2","golang-github-prometheus-alertmanager":"0.26.0-1.24.2","golang-github-prometheus-prometheus":"2.45.0-1.50.2","grafana":"9.5.8-1.60.1","mgr-daemon":"4.3.8-1.44.2","prometheus-postgres_exporter":"0.10.1-1.17.2","python2-spacewalk-check":"4.3.18-52.95.2","python2-spacewalk-client-setup":"4.3.18-52.95.2","python2-spacewalk-client-tools":"4.3.18-52.95.2","spacecmd":"4.3.26-38.136.2","spacewalk-check":"4.3.18-52.95.2","spacewalk-client-setup":"4.3.18-52.95.2","spacewalk-client-tools":"4.3.18-52.95.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"golang-github-prometheus-alertmanager","purl":"pkg:rpm/suse/golang-github-prometheus-alertmanager&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.26.0-1.24.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-lusitaniae-apache_exporter":"1.0.0-1.21.2","golang-github-prometheus-alertmanager":"0.26.0-1.24.2","golang-github-prometheus-prometheus":"2.45.0-1.50.2","grafana":"9.5.8-1.60.1","mgr-daemon":"4.3.8-1.44.2","prometheus-postgres_exporter":"0.10.1-1.17.2","python2-spacewalk-check":"4.3.18-52.95.2","python2-spacewalk-client-setup":"4.3.18-52.95.2","python2-spacewalk-client-tools":"4.3.18-52.95.2","spacecmd":"4.3.26-38.136.2","spacewalk-check":"4.3.18-52.95.2","spacewalk-client-setup":"4.3.18-52.95.2","spacewalk-client-tools":"4.3.18-52.95.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"golang-github-prometheus-prometheus","purl":"pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.45.0-1.50.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-lusitaniae-apache_exporter":"1.0.0-1.21.2","golang-github-prometheus-alertmanager":"0.26.0-1.24.2","golang-github-prometheus-prometheus":"2.45.0-1.50.2","grafana":"9.5.8-1.60.1","mgr-daemon":"4.3.8-1.44.2","prometheus-postgres_exporter":"0.10.1-1.17.2","python2-spacewalk-check":"4.3.18-52.95.2","python2-spacewalk-client-setup":"4.3.18-52.95.2","python2-spacewalk-client-tools":"4.3.18-52.95.2","spacecmd":"4.3.26-38.136.2","spacewalk-check":"4.3.18-52.95.2","spacewalk-client-setup":"4.3.18-52.95.2","spacewalk-client-tools":"4.3.18-52.95.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"grafana","purl":"pkg:rpm/suse/grafana&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"9.5.8-1.60.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-lusitaniae-apache_exporter":"1.0.0-1.21.2","golang-github-prometheus-alertmanager":"0.26.0-1.24.2","golang-github-prometheus-prometheus":"2.45.0-1.50.2","grafana":"9.5.8-1.60.1","mgr-daemon":"4.3.8-1.44.2","prometheus-postgres_exporter":"0.10.1-1.17.2","python2-spacewalk-check":"4.3.18-52.95.2","python2-spacewalk-client-setup":"4.3.18-52.95.2","python2-spacewalk-client-tools":"4.3.18-52.95.2","spacecmd":"4.3.26-38.136.2","spacewalk-check":"4.3.18-52.95.2","spacewalk-client-setup":"4.3.18-52.95.2","spacewalk-client-tools":"4.3.18-52.95.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"mgr-daemon","purl":"pkg:rpm/suse/mgr-daemon&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.8-1.44.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-lusitaniae-apache_exporter":"1.0.0-1.21.2","golang-github-prometheus-alertmanager":"0.26.0-1.24.2","golang-github-prometheus-prometheus":"2.45.0-1.50.2","grafana":"9.5.8-1.60.1","mgr-daemon":"4.3.8-1.44.2","prometheus-postgres_exporter":"0.10.1-1.17.2","python2-spacewalk-check":"4.3.18-52.95.2","python2-spacewalk-client-setup":"4.3.18-52.95.2","python2-spacewalk-client-tools":"4.3.18-52.95.2","spacecmd":"4.3.26-38.136.2","spacewalk-check":"4.3.18-52.95.2","spacewalk-client-setup":"4.3.18-52.95.2","spacewalk-client-tools":"4.3.18-52.95.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"prometheus-postgres_exporter","purl":"pkg:rpm/suse/prometheus-postgres_exporter&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.10.1-1.17.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-lusitaniae-apache_exporter":"1.0.0-1.21.2","golang-github-prometheus-alertmanager":"0.26.0-1.24.2","golang-github-prometheus-prometheus":"2.45.0-1.50.2","grafana":"9.5.8-1.60.1","mgr-daemon":"4.3.8-1.44.2","prometheus-postgres_exporter":"0.10.1-1.17.2","python2-spacewalk-check":"4.3.18-52.95.2","python2-spacewalk-client-setup":"4.3.18-52.95.2","python2-spacewalk-client-tools":"4.3.18-52.95.2","spacecmd":"4.3.26-38.136.2","spacewalk-check":"4.3.18-52.95.2","spacewalk-client-setup":"4.3.18-52.95.2","spacewalk-client-tools":"4.3.18-52.95.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"spacecmd","purl":"pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.26-38.136.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-lusitaniae-apache_exporter":"1.0.0-1.21.2","golang-github-prometheus-alertmanager":"0.26.0-1.24.2","golang-github-prometheus-prometheus":"2.45.0-1.50.2","grafana":"9.5.8-1.60.1","mgr-daemon":"4.3.8-1.44.2","prometheus-postgres_exporter":"0.10.1-1.17.2","python2-spacewalk-check":"4.3.18-52.95.2","python2-spacewalk-client-setup":"4.3.18-52.95.2","python2-spacewalk-client-tools":"4.3.18-52.95.2","spacecmd":"4.3.26-38.136.2","spacewalk-check":"4.3.18-52.95.2","spacewalk-client-setup":"4.3.18-52.95.2","spacewalk-client-tools":"4.3.18-52.95.2"}]},"package":{"ecosystem":"SUSE:Manager Client Tools 12","name":"spacewalk-client-tools","purl":"pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Client%20Tools%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.3.18-52.95.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"\nThis update fixes the following issues:\n\ngolang-github-lusitaniae-apache_exporter:\n\n- Do not strip if SUSE Linux Enterprise 15 SP3\n- Exclude debug for Red Hat Enterprise Linux >= 8\n- Build with Go >= 1.20 when the OS is not Red Hat Enterprise Linux\n\ngolang-github-prometheus-alertmanager:\n\n- Create position independent executables (PIE)\n- Add System/Monitoring group tag\n- Update to version 0.26.0 (jsc#PED-7353):\n  https://github.com/prometheus/alertmanager/releases/tag/v0.26.0\n  * CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint\n    in the Alertmanager UI (bsc#1218838)\n  * Configuration: Fix empty list of receivers and inhibit_rules\n    would cause the alertmanager to crash\n  * Templating: Fixed a race condition when using the title\n    function. It is now race-safe\n  * API: Fixed duplicate receiver names in the api/v2/receivers API\n    endpoint\n  * API: Attempting to delete a silence now returns the correct\n    status code, 404 instead of 500\n  * Clustering: Fixes a panic when tls_client_config is empty\n  * Webhook: url is now marked as a secret. It will no longer show\n    up in the logs as clear-text\n  * Metrics: New label reason for\n    alertmanager_notifications_failed_total metric to indicate the\n    type of error of the alert delivery\n  * Clustering: New flag --cluster.label, to help to block any\n    traffic that is not meant for the cluster\n  * Integrations: Add Microsoft Teams as a supported integration\n- Update to version 0.25.0:\n  https://github.com/prometheus/alertmanager/releases/tag/v0.25.0\n  * Fail configuration loading if api_key and api_key_file are\n    defined at the same time\n  * Fix the alertmanager_alerts metric to avoid counting resolved\n    alerts as active. Also added a new alertmanager_marked_alerts\n    metric that retain the old behavior\n  * Trim contents of Slack API URLs when reading from files\n  * amtool: Avoid panic when the label value matcher is empty\n  * Fail configuration loading if api_url is empty for OpsGenie\n  * Fix email template for resolved notifications\n  * Add proxy_url support for OAuth2 in HTTP client configuration\n  * Reload TLS certificate and key from disk when updated\n  * Add Discord integration\n  * Add Webex integration\n  * Add min_version support to select the minimum TLS version in\n    HTTP client configuration\n  * Add max_version support to select the maximum TLS version in\n  * Emit warning logs when truncating messages in notifications\n  * Support HEAD method for the /-/healty and /-/ready endpoints\n  * Add support for reading global and local SMTP passwords from\n    files\n  * UI: Add 'Link' button to alerts in list\n  * UI: Allow to choose the first day of the week as Sunday or\n    Monday\n- Update to version 0.24.0:\n  https://github.com/prometheus/alertmanager/releases/tag/v0.24.0\n  * Fix HTTP client configuration for the SNS receiver\n  * Fix unclosed file descriptor after reading the silences\n    snapshot file\n  * Fix field names for mute_time_intervals in JSON marshaling\n  * Ensure that the root route doesn't have any matchers\n  * Truncate the message's title to 1024 chars to avoid hitting\n    Slack limits\n  * Fix the default HTML email template (email.default.html) to\n    match with the canonical source\n  * Detect SNS FIFO topic based on the rendered value\n  * Avoid deleting and recreating a silence when an update is\n    possible\n  * api/v2: Return 200 OK when deleting an expired silence\n  * amtool: Fix the silence's end date when adding a silence. The\n    end date is (start date + duration) while it used to be\n    (current time + duration). The new behavior is consistent with\n    the update operation\n  * Add the /api/v2 prefix to all endpoints in the OpenAPI\n    specification and generated client code\n  * Add --cluster.tls-config experimental flag to secure cluster\n    traffic via mutual TLS\n  * Add Telegram integration\n\nmgr-daemon:\n\n- Version 4.3.8-1\n  * Update translation strings\n\nprometheus-postgres_exporter:\n\n- Remove duplicated call to systemd requirements\n- Do not build debug if Red Hat Enterprise Linux >= 8\n- Do not strip if SUSE Linux Enterprise 15 SP3\n- Build at least with with Go >= 1.18 on Red Hat Enterprise Linux\n- Build with Go >= 1.20 elsewhere\n\nspacecmd:\n\n- Version 4.3.26-1\n  * Update translation strings\n\nspacewalk-client-tools:\n\n- Version 4.3.18-1\n  * Update translation strings\n\n","id":"SUSE-SU-2024:0486-1","modified":"2024-02-15T13:35:33Z","published":"2024-02-15T13:35:33Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20240486-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1192154"},{"type":"REPORT","url":"https://bugzilla.suse.com/1192696"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193492"},{"type":"REPORT","url":"https://bugzilla.suse.com/1193686"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200480"},{"type":"REPORT","url":"https://bugzilla.suse.com/1204023"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218838"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218843"},{"type":"REPORT","url":"https://bugzilla.suse.com/1218844"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-7753"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3807"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-3918"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43138"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43798"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-43815"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-0155"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-41715"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-40577"}],"related":["CVE-2020-7753","CVE-2021-3807","CVE-2021-3918","CVE-2021-43138","CVE-2021-43798","CVE-2021-43815","CVE-2022-0155","CVE-2022-41715","CVE-2023-40577"],"summary":"Security update for SUSE Manager Client Tools","upstream":["CVE-2020-7753","CVE-2021-3807","CVE-2021-3918","CVE-2021-43138","CVE-2021-43798","CVE-2021-43815","CVE-2022-0155","CVE-2022-41715","CVE-2023-40577"]}