===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.2492
               Security update for SUSE Manager Client Tools
                               22 July 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           SUSE Manager Tools 15
                   SUSE OpenStack Cloud
                   SUSE Linux Enterprise Server
                   SUSE Enterprise Storage
Publisher:         SUSE
Operating System:  SUSE
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Cross-site Scripting            -- Remote with User Interaction
                   Denial of Service               -- Existing Account            
                   Access Confidential Data        -- Remote/Unauthenticated      
                   Unauthorised Access             -- Remote/Unauthenticated      
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-13379 CVE-2020-12245 CVE-2019-15043
                   CVE-2019-10215  

Reference:         ESB-2020.2315
                   ESB-2020.2302
                   ESB-2020.1508
                   ESB-2019.4276

Original Bulletin: 
   https://www.suse.com/support/update/announcement/2020/suse-su-20201970-1
   https://www.suse.com/support/update/announcement/2020/suse-su-20201972-1

Comment: This bulletin contains two (2) SUSE security advisories.

--------------------------BEGIN INCLUDED TEXT--------------------

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:1970-1
Rating:            moderate
References:        #1113160 #1134195 #1138822 #1141661 #1142038 #1143913
                   #1148177 #1153090 #1153277 #1154940 #1154968 #1155372
                   #1163871 #1165921 #1168310 #1170231 #1170557 #1171687
                   #1172462
Cross-References:  CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379
Affected Products:
                   SUSE OpenStack Cloud Crowbar 9
                   SUSE OpenStack Cloud Crowbar 8
                   SUSE OpenStack Cloud 9
                   SUSE OpenStack Cloud 8
                   SUSE Manager Tools 12
                   SUSE Linux Enterprise Server for SAP 12-SP4
                   SUSE Linux Enterprise Server for SAP 12-SP3
                   SUSE Linux Enterprise Server 12-SP5
                   SUSE Linux Enterprise Server 12-SP4-LTSS
                   SUSE Linux Enterprise Server 12-SP3-LTSS
                   SUSE Linux Enterprise Server 12-SP3-BCL
                   SUSE Enterprise Storage 5
                   HPE Helion Openstack 8
______________________________________________________________________________

An update that solves four vulnerabilities and has 15 fixes is now available.

Description:


This update fixes the following issues:
cobbler:

  o Calculate relative path for kernel and initrd when generating grub entry
    (bsc#1170231). Added: fix-grub2-entry-paths.diff
  o Fix os-release version detection for SUSE. Modified: sles15.patch
  o Jinja2 template library fix (bsc#1141661)
  o Removes string replace for textmode fix (bsc#1134195)


golang-github-prometheus-node_exporter:

  o Update to 0.18.1
    * [BUGFIX] Fix incorrect sysctl call in BSD meminfo collector, resulting
      in broken swap metrics on FreeBSD #1345
    * [BUGFIX] Fix rollover bug in mountstats collector #1364
    * Renamed interface label to device in netclass collector for consistency
      with other network metrics #1224
    * The cpufreq metrics now separate the cpufreq and scaling data based on
      what the driver provides. #1248
    * The labels for the network_up metric have changed, see issue #1236
    * Bonding collector now uses mii_status instead of operstatus #1124
    * Several systemd metrics have been turned off by default to improve
      performance #1254
    * These include unit_tasks_current, unit_tasks_max,
      service_restart_total, and unit_start_time_seconds
    * The systemd collector blacklist now includes automount, device, mount,
      and slice units by default. #1255
    * [CHANGE] Bonding state uses mii_status #1124
    * [CHANGE] Add a limit to the number of in-flight requests #1166
    * [CHANGE] Renamed interface label to device in netclass collector #1224
    * [CHANGE] Add separate cpufreq and scaling metrics #1248
    * [CHANGE] Several systemd metrics have been turned off by default to
      improve performance #1254
    * [CHANGE] Expand systemd collector blacklist #1255
    * [CHANGE] Split cpufreq metrics into a separate collector #1253
    * [FEATURE] Add a flag to disable exporter metrics #1148
    * [FEATURE] Add kstat-based Solaris metrics for boottime, cpu and zfs
      collectors #1197
    * [FEATURE] Add uname collector for FreeBSD #1239
    * [FEATURE] Add diskstats collector for OpenBSD #1250
    * [FEATURE] Add pressure collector exposing pressure stall information
      for Linux #1174
    * [FEATURE] Add perf exporter for Linux #1274
    * [ENHANCEMENT] Add Infiniband counters #1120
    * [ENHANCEMENT] Add TCPSynRetrans to netstat default filter #1143
    * [ENHANCEMENT] Move network_up labels into new metric network_info #1236
    * [ENHANCEMENT] Use 64-bit counters for Darwin netstat
    * [BUGFIX] Add fallback for missing /proc/1/mounts #1172
    * [BUGFIX] Fix node_textfile_mtime_seconds to work properly on symlinks
      #1326
  o Add network-online (Wants and After) dependency to systemd unit bsc#1143913


golang-github-prometheus-prometheus:

  o Update change log and spec file
    + Modified spec file: default to golang 1.14 to avoid "have choice" build
      issues in OBS.
    + Rebase and update patches for version 2.18.0
    + Changed:
      * 0002-Default-settings.patch Changed
  o Update to 2.18.0
    + Features
      * Tracing: Added experimental Jaeger support #7148
    + Changes
      * Federation: Only use local TSDB for federation (ignore remote read).
        #7096
      * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total`
        have a `rule_group` label now. #7094
    + Enhancements
      * TSDB: Significantly reduce WAL size kept around after a block cut.
        #7098
      * Discovery: Add `architecture` meta label for EC2. #7000
    + Bug fixes
      * UI: Fixed wrong MinTime reported by /status. #7182
      * React UI: Fixed multiselect legend on OSX. #6880
      * Remote Write: Fixed blocked resharding edge case. #7122
      * Remote Write: Fixed remote write not updating on relabel configs
        change. #7073
  o Changes from 2.17.2
    + Bug fixes
      * Federation: Register federation metrics #7081
      * PromQL: Fix panic in parser error handling #7132
      * Rules: Fix reloads hanging when deleting a rule group that is being
        evaluated #7138
      * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL
        #7135
      * TSDB: Make isolation more robust to panics in web handlers #7129 #7136
  o Changes from 2.17.1
    + Bug fixes
      * TSDB: Fix query performance regression that increased memory and CPU
        usage #7051
  o Changes from 2.17.0
    + Features
      * TSDB: Support isolation #6841
      * This release implements isolation in TSDB. API queries and recording
        rules are guaranteed to only see full scrapes and full recording
        rules. This comes with a certain overhead in resource usage.
        Depending on the situation, there might be some increase in memory
        usage, CPU usage, or query latency.
    + Enhancements
      * PromQL: Allow more keywords as metric names #6933
      * React UI: Add normalization of localhost URLs in targets page #6794
      * Remote read: Read from remote storage concurrently #6770
      * Rules: Mark deleted rule series as stale after a reload #6745
      * Scrape: Log scrape append failures as debug rather than warn #6852
      * TSDB: Improve query performance for queries that partially hit the
        head #6676
      * Consul SD: Expose service health as meta label #5313
      * EC2 SD: Expose EC2 instance lifecycle as meta label #6914
      * Kubernetes SD: Expose service type as meta label for K8s service role
        #6684
      * Kubernetes SD: Expose label_selector and field_selector #6807
      * Openstack SD: Expose hypervisor id as meta label #6962
    + Bug fixes
      * PromQL: Do not escape HTML-like chars in query log #6834 #6795
      * React UI: Fix data table matrix values #6896
      * React UI: Fix new targets page not loading when using non-ASCII
        characters #6892
      * Remote read: Fix duplication of metrics read from remote storage with
        external labels #6967 #7018
      * Remote write: Register WAL watcher and live reader metrics for all
        remotes, not just the first one #6998
      * Scrape: Prevent removal of metric names upon relabeling #6891
      * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape
        fails under some circumstances #6986
      * Scrape: Fix crash when reloads are separated by two scrape intervals
        #7011
  o Changes from 2.16.0
    + Features
      * React UI: Support local timezone on /graph #6692
      * PromQL: add absent_over_time query function #6490
      * Adding optional logging of queries to their own file #6520
    + Enhancements
      * React UI: Add support for rules page and "Xs ago" duration displays
        #6503
      * React UI: alerts page, replace filtering togglers tabs with checkboxes
        #6543
      * TSDB: Export metric for WAL write errors #6647
      * TSDB: Improve query performance for queries that only touch the most
        recent 2h of data. #6651
      * PromQL: Refactoring in parser errors to improve error messages #6634
      * PromQL: Support trailing commas in grouping opts #6480
      * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670
      * Scrape: Add metrics to track bytes and entries in the metadata cache
        #6675
      * promtool: Add support for line-column numbers for invalid rules output
        #6533
      * Avoid restarting rule groups when it is unnecessary #6450
    + Bug fixes
      * React UI: Send cookies on fetch() on older browsers #6553
      * React UI: adopt grafana flot fix for stacked graphs #6603
      * React UI: broken graph page browser history so that back button works
        as expected #6659
      * TSDB: ensure compactionsSkipped metric is registered, and log proper
        error if one is returned from head.Init #6616
      * TSDB: return an error on ingesting series with duplicate labels #6664
      * PromQL: Fix unary operator precedence #6579
      * PromQL: Respect query.timeout even when we reach query.max-concurrency
        #6712
      * PromQL: Fix string and parentheses handling in engine, which affected
        React UI #6612
      * PromQL: Remove output labels returned by absent() if they are produced
        by multiple identical label matchers #6493
      * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505
      * Remote read: return the correct error if configs can't be marshal'd to
        JSON #6622
      * Remote write: Make remote client `Store` use passed context, which can
        affect shutdown timing #6673
      * Remote write: Improve sharding calculation in cases where we would
        always be consistently behind by tracking pendingSamples #6511
      * Ensure prometheus_rule_group metrics are deleted when a rule group is
        removed #6693
  o Changes from 2.15.2
    + Bug fixes
      * TSDB: Fixed support for TSDB blocks built with Prometheus before
        2.1.0. #6564
      * TSDB: Fixed block compaction issues on Windows. #6547
  o Changes from 2.15.1
    + Bug fixes
      * TSDB: Fixed race on concurrent queries against same data. #6512
  o Changes from 2.15.0
    + Features
      * API: Added new endpoint for exposing per metric metadata `/metadata`.
        #6420 #6442
    + Changes
      * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics.
        Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and
        `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now
        show correct values in seconds. #6393
      * Remote write: Changed `query` label on `prometheus_remote_storage_*`
        metrics to `remote_name` and `url`. #6043
    + Enhancements
      * TSDB: Significantly reduced memory footprint of loaded TSDB blocks.
        #6418 #6461
      * TSDB: Significantly optimized what we buffer during compaction which
        should result in lower memory footprint during compaction. #6422
        #6452 #6468 #6475
      * TSDB: Improve replay latency. #6230
      * TSDB: WAL size is now used for size based retention calculation. #5886
      * Remote read: Added query grouping and range hints to the remote read
        request #6401
      * Remote write: Added `prometheus_remote_storage_sent_bytes_total`
        counter per queue. #6344
      * promql: Improved PromQL parser performance. #6356
      * React UI: Implemented missing pages like `/targets` #6276, TSDB status
        page #6281 #6267 and many other fixes and performance improvements.
      * promql: Prometheus now accepts spaces between time range and square
        bracket. e.g `[ 5m]` #6065
    + Bug fixes
      * Config: Fixed alertmanager configuration to not miss targets when
        configurations are similar. #6455
      * Remote write: Value of `prometheus_remote_storage_shards_desired`
        gauge shows raw value of desired shards and it's updated correctly.
        #6378
      * Rules: Prometheus now fails the evaluation of rules and alerts where
        metric results collide with labels specified in `labels` field. #6469
      * API: Targets Metadata API `/targets/metadata` now accepts empty
        `match_targets` parameter as in the spec. #6303
  o Changes from 2.14.0
    + Features
      * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo`
        endpoints added for use by the React UI. #6243
      * React UI: implement the new experimental React based UI. #5694 and
        many more
      * Can be found under `/new`.
      * Not all pages are implemented yet.
      * Status: Cardinality statistics added to the Runtime & Build
        Information page. #6125
    + Enhancements
      * Remote write: fix delays in remote write after a compaction. #6021
      * UI: Alerts can be filtered by state. #5758
    + Bug fixes
      * Ensure warnings from the API are escaped. #6279
      * API: lifecycle endpoints return 403 when not enabled. #6057
      * Build: Fix Solaris build. #6149
      * Promtool: Remove false duplicate rule warnings when checking rule
        files with alerts. #6270
      * Remote write: restore use of deduplicating logger in remote write.
        #6113
      * Remote write: do not reshard when unable to send samples. #6111
      * Service discovery: errors are no longer logged on context
        cancellation. #6116, #6133
      * UI: handle null response from API properly. #6071
  o Changes from 2.13.1
    + Bug fixes
      * Fix panic in ARM builds of Prometheus. #6110
      * promql: fix potential panic in the query logger. #6094
      * Multiple errors of http: superfluous response.WriteHeader call in the
        logs. #6145
  o Changes from 2.13.0
    + Enhancements
      * Metrics: renamed prometheus_sd_configs_failed_total to
        prometheus_sd_failed_configs and changed to Gauge #5254
      * Include the tsdb tool in builds. #6089
      * Service discovery: add new node address types for kubernetes. #5902
      * UI: show warnings if query have returned some warnings. #5964
      * Remote write: reduce memory usage of the series cache. #5849
      * Remote read: use remote read streaming to reduce memory usage. #5703
      * Metrics: added metrics for remote write max/min/desired shards to
        queue manager. #5787
      * Promtool: show the warnings during label query. #5924
      * Promtool: improve error messages when parsing bad rules. #5965
      * Promtool: more promlint rules. #5515
    + Bug fixes
      * UI: Fix a Stored DOM XSS vulnerability with query history
        [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215).
        #6098
      * Promtool: fix recording inconsistency due to duplicate labels. #6026
      * UI: fixes service-discovery view when accessed from unhealthy targets.
        #5915
      * Metrics format: OpenMetrics parser crashes on short input. #5939
      * UI: avoid truncated Y-axis values. #6014

--------------------------------------------------------------------------------

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID:   SUSE-SU-2020:1972-1
Rating:            moderate
References:        #1113160 #1138822 #1142038 #1148177 #1153090 #1153277
                   #1154940 #1154968 #1155372 #1163871 #1165921 #1168310
                   #1170231 #1170557 #1170824 #1171687 #1172462
Cross-References:  CVE-2019-10215 CVE-2019-15043 CVE-2020-12245 CVE-2020-13379
Affected Products:
                   SUSE Manager Tools 15
______________________________________________________________________________

An update that solves four vulnerabilities and has 13 fixes is now available.

Description:


This update fixes the following issues:
dracut-saltboot:

  o Print a list of available disk devices (bsc#1170824)
  o Install wipefs to initrd
  o Force install crypt modules


golang-github-prometheus-prometheus:

  o Update change log and spec file
    + Modified spec file: default to golang 1.14 to avoid "have choice" build
      issues in OBS.
    + Rebase and update patches for version 2.18.0
  o Update to 2.18.0
    + Features
      * Tracing: Added experimental Jaeger support #7148
    + Changes
      * Federation: Only use local TSDB for federation (ignore remote read).
        #7096
      * Rules: `rule_evaluations_total` and `rule_evaluation_failures_total`
        have a `rule_group` label now. #7094
    + Enhancements
      * TSDB: Significantly reduce WAL size kept around after a block cut.
        #7098
      * Discovery: Add `architecture` meta label for EC2. #7000
    + Bug fixes
      * UI: Fixed wrong MinTime reported by /status. #7182
      * React UI: Fixed multiselect legend on OSX. #6880
      * Remote Write: Fixed blocked resharding edge case. #7122
      * Remote Write: Fixed remote write not updating on relabel configs
        change. #7073
  o Changes from 2.17.2
    + Bug fixes
      * Federation: Register federation metrics #7081
      * PromQL: Fix panic in parser error handling #7132
      * Rules: Fix reloads hanging when deleting a rule group that is being
        evaluated #7138
      * TSDB: Fix a memory leak when prometheus starts with an empty TSDB WAL
        #7135
      * TSDB: Make isolation more robust to panics in web handlers #7129 #7136
  o Changes from 2.17.1
    + Bug fixes
      * TSDB: Fix query performance regression that increased memory and CPU
        usage #7051
  o Changes from 2.17.0
    + Features
      * TSDB: Support isolation #6841
      * This release implements isolation in TSDB. API queries and recording
        rules are guaranteed to only see full scrapes and full recording
        rules. This comes with a certain overhead in resource usage.
        Depending on the situation, there might be some increase in memory
        usage, CPU usage, or query latency.
    + Enhancements
      * PromQL: Allow more keywords as metric names #6933
      * React UI: Add normalization of localhost URLs in targets page #6794
      * Remote read: Read from remote storage concurrently #6770
      * Rules: Mark deleted rule series as stale after a reload #6745
      * Scrape: Log scrape append failures as debug rather than warn #6852
      * TSDB: Improve query performance for queries that partially hit the
        head #6676
      * Consul SD: Expose service health as meta label #5313
      * EC2 SD: Expose EC2 instance lifecycle as meta label #6914
      * Kubernetes SD: Expose service type as meta label for K8s service role
        #6684
      * Kubernetes SD: Expose label_selector and field_selector #6807
      * Openstack SD: Expose hypervisor id as meta label #6962
    + Bug fixes
      * PromQL: Do not escape HTML-like chars in query log #6834 #6795
      * React UI: Fix data table matrix values #6896
      * React UI: Fix new targets page not loading when using non-ASCII
        characters #6892
      * Remote read: Fix duplication of metrics read from remote storage with
        external labels #6967 #7018
      * Remote write: Register WAL watcher and live reader metrics for all
        remotes, not just the first one #6998
      * Scrape: Prevent removal of metric names upon relabeling #6891
      * Scrape: Fix 'superfluous response.WriteHeader call' errors when scrape
        fails under some circumstances #6986
      * Scrape: Fix crash when reloads are separated by two scrape intervals
        #7011
  o Changes from 2.16.0
    + Features
      * React UI: Support local timezone on /graph #6692
      * PromQL: add absent_over_time query function #6490
      * Adding optional logging of queries to their own file #6520
    + Enhancements
      * React UI: Add support for rules page and "Xs ago" duration displays
        #6503
      * React UI: alerts page, replace filtering togglers tabs with checkboxes
        #6543
      * TSDB: Export metric for WAL write errors #6647
      * TSDB: Improve query performance for queries that only touch the most
        recent 2h of data. #6651
      * PromQL: Refactoring in parser errors to improve error messages #6634
      * PromQL: Support trailing commas in grouping opts #6480
      * Scrape: Reduce memory usage on reloads by reusing scrape cache #6670
      * Scrape: Add metrics to track bytes and entries in the metadata cache
        #6675
      * promtool: Add support for line-column numbers for invalid rules output
        #6533
      * Avoid restarting rule groups when it is unnecessary #6450
    + Bug fixes
      * React UI: Send cookies on fetch() on older browsers #6553
      * React UI: adopt grafana flot fix for stacked graphs #6603
      * React UI: broken graph page browser history so that back button works
        as expected #6659
      * TSDB: ensure compactionsSkipped metric is registered, and log proper
        error if one is returned from head.Init #6616
      * TSDB: return an error on ingesting series with duplicate labels #6664
      * PromQL: Fix unary operator precedence #6579
      * PromQL: Respect query.timeout even when we reach query.max-concurrency
        #6712
      * PromQL: Fix string and parentheses handling in engine, which affected
        React UI #6612
      * PromQL: Remove output labels returned by absent() if they are produced
        by multiple identical label matchers #6493
      * Scrape: Validate that OpenMetrics input ends with `# EOF` #6505
      * Remote read: return the correct error if configs can't be marshal'd to
        JSON #6622
      * Remote write: Make remote client `Store` use passed context, which can
        affect shutdown timing #6673
      * Remote write: Improve sharding calculation in cases where we would
        always be consistently behind by tracking pendingSamples #6511
      * Ensure prometheus_rule_group metrics are deleted when a rule group is
        removed #6693
  o Changes from 2.15.2
    + Bug fixes
      * TSDB: Fixed support for TSDB blocks built with Prometheus before
        2.1.0. #6564
      * TSDB: Fixed block compaction issues on Windows. #6547
  o Changes from 2.15.1
    + Bug fixes
      * TSDB: Fixed race on concurrent queries against same data. #6512
  o Changes from 2.15.0
    + Features
      * API: Added new endpoint for exposing per metric metadata `/metadata`.
        #6420 #6442
    + Changes
      * Discovery: Removed `prometheus_sd_kubernetes_cache_*` metrics.
        Additionally `prometheus_sd_kubernetes_workqueue_latency_seconds` and
        `prometheus_sd_kubernetes_workqueue_work_duration_seconds` metrics now
        show correct values in seconds. #6393
      * Remote write: Changed `query` label on `prometheus_remote_storage_*`
        metrics to `remote_name` and `url`. #6043
    + Enhancements
      * TSDB: Significantly reduced memory footprint of loaded TSDB blocks.
        #6418 #6461
      * TSDB: Significantly optimized what we buffer during compaction which
        should result in lower memory footprint during compaction. #6422
        #6452 #6468 #6475
      * TSDB: Improve replay latency. #6230
      * TSDB: WAL size is now used for size based retention calculation. #5886
      * Remote read: Added query grouping and range hints to the remote read
        request #6401
      * Remote write: Added `prometheus_remote_storage_sent_bytes_total`
        counter per queue. #6344
      * promql: Improved PromQL parser performance. #6356
      * React UI: Implemented missing pages like `/targets` #6276, TSDB status
        page #6281 #6267 and many other fixes and performance improvements.
      * promql: Prometheus now accepts spaces between time range and square
        bracket. e.g `[ 5m]` #6065
    + Bug fixes
      * Config: Fixed alertmanager configuration to not miss targets when
        configurations are similar. #6455
      * Remote write: Value of `prometheus_remote_storage_shards_desired`
        gauge shows raw value of desired shards and it's updated correctly.
        #6378
      * Rules: Prometheus now fails the evaluation of rules and alerts where
        metric results collide with labels specified in `labels` field. #6469
      * API: Targets Metadata API `/targets/metadata` now accepts empty
        `match_targets` parameter as in the spec. #6303
  o Changes from 2.14.0
    + Features
      * API: `/api/v1/status/runtimeinfo` and `/api/v1/status/buildinfo`
        endpoints added for use by the React UI. #6243
      * React UI: implement the new experimental React based UI. #5694 and
        many more
      * Can be found under `/new`.
      * Not all pages are implemented yet.
      * Status: Cardinality statistics added to the Runtime & Build
        Information page. #6125
    + Enhancements
      * Remote write: fix delays in remote write after a compaction. #6021
      * UI: Alerts can be filtered by state. #5758
    + Bug fixes
      * Ensure warnings from the API are escaped. #6279
      * API: lifecycle endpoints return 403 when not enabled. #6057
      * Build: Fix Solaris build. #6149
      * Promtool: Remove false duplicate rule warnings when checking rule
        files with alerts. #6270
      * Remote write: restore use of deduplicating logger in remote write.
        #6113
      * Remote write: do not reshard when unable to send samples. #6111
      * Service discovery: errors are no longer logged on context
        cancellation. #6116, #6133
      * UI: handle null response from API properly. #6071
  o Changes from 2.13.1
    + Bug fixes
      * Fix panic in ARM builds of Prometheus. #6110
      * promql: fix potential panic in the query logger. #6094
      * Multiple errors of http: superfluous response.WriteHeader call in the
        logs. #6145
  o Changes from 2.13.0
    + Enhancements
      * Metrics: renamed prometheus_sd_configs_failed_total to
        prometheus_sd_failed_configs and changed to Gauge #5254
      * Include the tsdb tool in builds. #6089
      * Service discovery: add new node address types for kubernetes. #5902
      * UI: show warnings if query have returned some warnings. #5964
      * Remote write: reduce memory usage of the series cache. #5849
      * Remote read: use remote read streaming to reduce memory usage. #5703
      * Metrics: added metrics for remote write max/min/desired shards to
        queue manager. #5787
      * Promtool: show the warnings during label query. #5924
      * Promtool: improve error messages when parsing bad rules. #5965
      * Promtool: more promlint rules. #5515
    + Bug fixes
      * UI: Fix a Stored DOM XSS vulnerability with query history
        [CVE-2019-10215](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10215).
        #6098
      * Promtool: fix recording inconsistency due to duplicate labels. #6026
      * UI: fixes service-discovery view when accessed from unhealthy targets.
        #5915
      * Metrics format: OpenMetrics parser crashes on short input. #5939
      * UI: avoid truncated Y-axis values. #6014

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================