SUSE-SU-2023:2182-1

This update fixes the following issues:

prometheus-blackbox_exporter:

• Security issues fixed:
  • CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208062)
• Other non-security bugs fixed and changes:
  • Add min_version parameter of tls_config to allow enabling TLS 1.0 and 1.1 (bsc#1209113)
  • On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)

prometheus-postgres_exporter:

• Security issues fixed:
  • CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060)
• Other non-security bugs fixed and changes:
  • Adapt the systemd service security configuration to be able to start it on for Red Hat Linux Enterprise systems and clones
  • Create the prometheus user for Red Hat Linux Enterprise systems and clones
  • Fix broken log-level for values other than debug (bsc#1208965)

golang-github-prometheus-prometheus:

• Security issues fixed in this version update to 2.37.6:
  • CVE-2022-46146: Fix basic authentication bypass vulnerability (bsc#1208049, jsc#PED-3576)
  • CVE-2022-41715: Update our regexp library to fix upstream (bsc#1204023)
• Other non-security bugs fixed and changes in this version update to 2.37.6:
  • [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
  • [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
  • [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing more than desired.
  • [BUGFIX] Properly close file descriptor when logging unfinished queries.
  • [BUGFIX] TSDB: In the WAL watcher metrics, expose the type='exemplar' label instead of type='unknown' for exemplar records.
  • [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts were queued.
  • [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus config file.
  • [BUGFIX] Promtool: Fix promtool check config not erroring properly on failures.
  • [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on...