SUSE-SU-2022:1435-1 -- SLES firewall-macros, firewalld, python3-firewall, firewall-applet, firewall-config| ID: oval:org.secpod.oval:def:89047538 | Date: (C)2022-11-04 (M)2023-11-13 |
| Class: PATCH | Family: unix |
This update for firewalld, golang-github-prometheus-prometheus fixes the following issues: Security fixes for golang-github-prometheus-prometheus: - CVE-2022-21698: Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods . Other non security changes for golang-github-prometheus-prometheus: - Build `firewalld-prometheus-config` only for SUSE Linux Enterprise 15, 15-SP1 and 15-SP2, and require `firewalld`. - Only recommends `firewalld-prometheus-config` as prometheus does not require it to run. - Create `firewalld-prometheus-config` subpackage Other non security changes for firewalld: - Provide dummy `firewalld-prometheus-config` package
| Platform: |
| SUSE Linux Enterprise Server 15 SP3 |
| SUSE Linux Enterprise Desktop 15 SP3 |
| Product: |
| firewall-macros |
| firewalld |
| python3-firewall |
| firewall-applet |
| firewall-config |
