This update for golang-github-prometheus-alertmanager and golang-github-prometheus-node_exporter fixes the following issues:
golang-github-prometheus-alertmanager:
- Security issues fixed:
- CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208051)
golang-github-prometheus-node_exporter:
- Security issues fixed in this version update to version 1.5.0 (jsc#PED-3578):
- CVE-2022-27191: Update go/x/crypto (bsc#1197284)
- CVE-2022-27664: Update go/x/net (bsc#1203185)
- CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
- Other non-security bug fixes and changes in this version update to 1.5.0 (jsc#PED-3578):
- NOTE: This changes the Go runtime 'GOMAXPROCS' to 1. This is done to limit the concurrency of the exporter to 1 CPU
thread at a time in order to avoid a race condition problem in the Linux kernel and parallel IO issues on nodes with
high numbers of CPUs/CPU threads.
- [BUGFIX] Fix hwmon label sanitizer
- [BUGFIX] Use native endianness when encoding InetDiagMsg
- [BUGFIX] Fix btrfs device stats always being zero
- [BUGFIX] Fix diskstats exclude flags
- [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and fsSpaceAvailableWarning
- [BUGFIX] Fix concurrency issue in ethtool collector
- [BUGFIX] Fix concurrency issue in netdev collector
- [BUGFIX] Fix diskstat reads and write metrics for disks with different sector sizes
- [BUGFIX] Fix iostat on macos broken by deprecation warning
- [BUGFIX] Fix NodeFileDescriptorLimit alerts
- [BUGFIX] Sanitize rapl zone names
- [BUGFIX] Add file descriptor close safely in test
- [BUGFIX] Fix race condition in os_release.go
- [BUGFIX] Skip ZFS IO metrics if their paths are missing
- [BUGFIX] Handle nil CPU thermal power status on M1
- [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE
- [BUGFIX] Sanitize UTF-8 in dmi collector
- [CHANGE] Merge metrics descriptions in textfile collector
- [FEATURE] Add multiple listeners and systemd...