SUSE-SU-2022:1435-1 -- SLES firewall-macros, firewalld, python3-firewall, firewall-applet, firewall-configID: oval:org.secpod.oval:def:89047538 | Date: (C)2022-11-04 (M)2023-11-13 |
Class: PATCH | Family: unix |
This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods . Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package
Platform: |
SUSE Linux Enterprise Server 15 SP3 |
SUSE Linux Enterprise Desktop 15 SP3 |
Product: |
firewall-macros |
firewalld |
python3-firewall |
firewall-applet |
firewall-config |