Hash: SHA256

             AUSCERT External Security Bulletin Redistribution

            Security Beta update for SUSE Manager Client Tools
                              25 January 2024


        AusCERT Security Bulletin Summary

Product:           SUSE Manager Client Tools
Publisher:         SUSE
Operating System:  SUSE
Resolution:        Patch/Upgrade
CVE Names:         CVE-2023-40577 CVE-2023-3128 CVE-2023-2801
                   CVE-2023-2183 CVE-2023-1410 CVE-2023-1387
                   CVE-2023-0594 CVE-2023-0507 CVE-2022-46146
                   CVE-2022-41723 CVE-2022-41715 CVE-2022-39324
                   CVE-2022-39307 CVE-2022-39306 CVE-2022-39229
                   CVE-2022-39201 CVE-2022-36062 CVE-2022-35957
                   CVE-2022-32149 CVE-2022-31130 CVE-2022-31123
                   CVE-2022-31107 CVE-2022-31097 CVE-2022-29170
                   CVE-2022-27664 CVE-2022-27191 CVE-2022-23552
                   CVE-2022-21713 CVE-2022-21703 CVE-2022-21702
                   CVE-2022-21698 CVE-2022-21673 CVE-2022-0155
                   CVE-2021-43815 CVE-2021-43813 CVE-2021-43798
                   CVE-2021-43138 CVE-2021-41244 CVE-2021-41174
                   CVE-2021-39226 CVE-2021-36222 CVE-2021-3918
                   CVE-2021-3807 CVE-2021-3711 CVE-2020-7753

Original Bulletin: 

Comment: CVSS (Max):  9.8 CVE-2021-3711 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
         CVSS Source: huntr.dev, NIST, [SUSE]
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
         The following are listed in the CISA Known Exploited Vulnerabilities (KEV) Catalog:
         CISA KEV CVE(s): CVE-2021-39226
         CISA KEV URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Beta update for SUSE Manager Client Tools

Announcement ID:  SUSE-SU-2024:0191-1
     Rating:      moderate
                    o bsc#1047218
                    o bsc#1172110
                    o bsc#1188571
                    o bsc#1189520
                    o bsc#1191454
                    o bsc#1192154
                    o bsc#1192383
                    o bsc#1192696
                    o bsc#1192763
                    o bsc#1193492
                    o bsc#1193686
                    o bsc#1193688
                    o bsc#1194873
                    o bsc#1195726
                    o bsc#1195727
                    o bsc#1195728
                    o bsc#1196338
                    o bsc#1196652
                    o bsc#1197507
                    o bsc#1198903
                    o bsc#1199810
                    o bsc#1200480
                    o bsc#1200591
                    o bsc#1200725
                    o bsc#1201003
                    o bsc#1201059
                    o bsc#1201535
                    o bsc#1201539
                    o bsc#1203283
                    o bsc#1203596
                    o bsc#1203597
                    o bsc#1203599
                    o bsc#1204032
                    o bsc#1204089
                    o bsc#1204126
                    o bsc#1204302
                    o bsc#1204303
                    o bsc#1204304
                    o bsc#1204305
                    o bsc#1204501
                    o bsc#1205207
                    o bsc#1205225
                    o bsc#1205227
                    o bsc#1205759
                    o bsc#1207352
                    o bsc#1207749
   References:      o bsc#1207750
                    o bsc#1207830
                    o bsc#1208046
                    o bsc#1208049
                    o bsc#1208051
                    o bsc#1208060
                    o bsc#1208062
                    o bsc#1208064
                    o bsc#1208065
                    o bsc#1208270
                    o bsc#1208293
                    o bsc#1208298
                    o bsc#1208612
                    o bsc#1208692
                    o bsc#1208719
                    o bsc#1208819
                    o bsc#1208821
                    o bsc#1208965
                    o bsc#1209113
                    o bsc#1209645
                    o bsc#1210458
                    o bsc#1210907
                    o bsc#1211525
                    o bsc#1212099
                    o bsc#1212100
                    o bsc#1212279
                    o bsc#1212641
                    o bsc#1218843
                    o bsc#1218844
                    o jsc#MSQA-718
                    o jsc#PED-2145
                    o jsc#PED-2617
                    o jsc#PED-3576
                    o jsc#PED-3578
                    o jsc#PED-3694
                    o jsc#PED-4556
                    o jsc#PED-5405
                    o jsc#PED-5406
                    o jsc#PED-7353
                    o jsc#SLE-23422
                    o jsc#SLE-23439
                    o jsc#SLE-24238
                    o jsc#SLE-24239
                    o jsc#SLE-24565
                    o jsc#SLE-24791
                    o jsc#SUMA-114

                    o CVE-2020-7753
                    o CVE-2021-36222
                    o CVE-2021-3711
                    o CVE-2021-3807
                    o CVE-2021-3918
                    o CVE-2021-39226
                    o CVE-2021-41174
                    o CVE-2021-41244
                    o CVE-2021-43138
                    o CVE-2021-43798
                    o CVE-2021-43813
                    o CVE-2021-43815
                    o CVE-2022-0155
                    o CVE-2022-21673
                    o CVE-2022-21698
                    o CVE-2022-21702
                    o CVE-2022-21703
                    o CVE-2022-21713
                    o CVE-2022-23552
                    o CVE-2022-27191
                    o CVE-2022-27664
                    o CVE-2022-29170
Cross-References:   o CVE-2022-31097
                    o CVE-2022-31107
                    o CVE-2022-31123
                    o CVE-2022-31130
                    o CVE-2022-32149
                    o CVE-2022-35957
                    o CVE-2022-36062
                    o CVE-2022-39201
                    o CVE-2022-39229
                    o CVE-2022-39306
                    o CVE-2022-39307
                    o CVE-2022-39324
                    o CVE-2022-41715
                    o CVE-2022-41723
                    o CVE-2022-46146
                    o CVE-2023-0507
                    o CVE-2023-0594
                    o CVE-2023-1387
                    o CVE-2023-1410
                    o CVE-2023-2183
                    o CVE-2023-2801
                    o CVE-2023-3128
                    o CVE-2023-40577

                    o CVE-2020-7753 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-36222 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2021-36222 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-3711 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-3711 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-3807 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-3807 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-3807 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-3918 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/
                    o CVE-2021-3918 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-39226 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2021-39226 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-41174 ( SUSE ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R
                    o CVE-2021-41174 ( NVD ): 6.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/
                    o CVE-2021-41244 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:H/UI:N
                    o CVE-2021-41244 ( NVD ): 7.2 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/
                    o CVE-2021-43138 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R
                    o CVE-2021-43138 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/
                    o CVE-2021-43798 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2021-43798 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2021-43813 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N
                    o CVE-2021-43813 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2021-43815 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N
                    o CVE-2021-43815 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2022-0155 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/
                    o CVE-2022-21673 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N
                    o CVE-2022-21673 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2022-21698 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2022-21698 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2022-21702 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R
                    o CVE-2022-21702 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2022-21703 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R
                    o CVE-2022-21703 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/
                    o CVE-2022-21713 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N
                    o CVE-2022-21713 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2022-23552 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R
                    o CVE-2022-23552 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2022-27191 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2022-27191 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2022-27664 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2022-27664 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2022-29170 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N
                    o CVE-2022-29170 ( NVD ): 8.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2022-31097 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R
                    o CVE-2022-31097 ( NVD ): 8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
  CVSS scores:        S:C/C:H/I:H/A:N
                    o CVE-2022-31107 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N
                    o CVE-2022-31107 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/
                    o CVE-2022-31123 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:R
                    o CVE-2022-31123 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/
                    o CVE-2022-31130 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2022-31130 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2022-32149 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2022-32149 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2022-35957 ( SUSE ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N
                    o CVE-2022-35957 ( NVD ): 6.6 CVSS:3.1/AV:N/AC:H/PR:H/UI:N/
                    o CVE-2022-36062 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:N
                    o CVE-2022-36062 ( NVD ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2022-39201 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2022-39201 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2022-39229 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N
                    o CVE-2022-39229 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2022-39306 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R
                    o CVE-2022-39306 ( NVD ): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/
                    o CVE-2022-39307 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2022-39307 ( NVD ): 6.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/
                    o CVE-2022-39324 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R
                    o CVE-2022-39324 ( NVD ): 6.7 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/
                    o CVE-2022-41715 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N
                    o CVE-2022-41715 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2022-41723 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2022-41723 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N
                    o CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/
                    o CVE-2023-0507 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2023-0507 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2023-0594 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2023-0594 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2023-1387 ( SUSE ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/
                    o CVE-2023-1387 ( NVD ): 4.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/
                    o CVE-2023-1410 ( SUSE ): 5.7 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/
                    o CVE-2023-1410 ( NVD ): 6.2 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/
                    o CVE-2023-2183 ( SUSE ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2023-2183 ( NVD ): 4.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/
                    o CVE-2023-2801 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2023-2801 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2023-3128 ( SUSE ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2023-3128 ( NVD ): 9.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/
                    o CVE-2023-40577 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N
                    o CVE-2023-40577 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/

                    o SUSE Linux Enterprise Desktop 12
                    o SUSE Linux Enterprise Desktop 12 SP1
                    o SUSE Linux Enterprise Desktop 12 SP2
                    o SUSE Linux Enterprise Desktop 12 SP3
                    o SUSE Linux Enterprise Desktop 12 SP4
                    o SUSE Linux Enterprise High Performance Computing 12 SP2
                    o SUSE Linux Enterprise High Performance Computing 12 SP3
                    o SUSE Linux Enterprise High Performance Computing 12 SP4
                    o SUSE Linux Enterprise High Performance Computing 12 SP5
                    o SUSE Linux Enterprise Server 12
    Affected        o SUSE Linux Enterprise Server 12 SP1
    Products:       o SUSE Linux Enterprise Server 12 SP2
                    o SUSE Linux Enterprise Server 12 SP3
                    o SUSE Linux Enterprise Server 12 SP4
                    o SUSE Linux Enterprise Server 12 SP5
                    o SUSE Linux Enterprise Server for SAP Applications 12
                    o SUSE Linux Enterprise Server for SAP Applications 12 SP1
                    o SUSE Linux Enterprise Server for SAP Applications 12 SP2
                    o SUSE Linux Enterprise Server for SAP Applications 12 SP3
                    o SUSE Linux Enterprise Server for SAP Applications 12 SP4
                    o SUSE Linux Enterprise Server for SAP Applications 12 SP5
                    o SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2
                    o SUSE Manager Client Tools Beta for SLE 12

An update that solves 45 vulnerabilities, contains 17 features and has 30
security fixes can now be installed.


This update fixes the following issues:


  o Exclude s390 arch
  o Adapted to build on Enterprise Linux.
  o Fix build for RedHat 7
  o Require Go >= 1.14 also for CentOS
  o Add support for CentOS
  o Replace %{?systemd_requires} with %{?systemd_ordering}


  o Exclude s390 architecture (gh#SUSE/spacewalk#19050)
  o Enhanced to build on Enterprise Linux 8.


  o Do not strip if SUSE Linux Enterprise 15 SP3
  o Exclude debug for RHEL >= 8
  o Build with Go >= 1.20 when the OS is not RHEL
  o Fix apparmor profile for SLE 12
  o Upgrade to version 1.0.0 (jsc#PED-5405)
  o Improved flag parsing
  o Added support for custom headers
  o Build using promu
  o Fix sandboxing options
  o Upgrade to version 0.13.4
  o CVE-2022-32149: Fix denial of service vulnerability (bsc#1204501)
  o Upgrade to version 0.13.3
  o CVE-2022-41723: Fix uncontrolled resource consumption (bsc#1208270)
  o Upgrade to version 0.13.1
  o Fix panic caused by missing flagConfig options
  o Upgrade to version 0.13.0
  o CVE-2022-46146: Fix authentication bypass vulnarability (bsc#1208046)
  o Corrected comment in AppArmor profile
  o Added AppArmor profile
  o Added sandboxing options to systemd service unit
  o Exclude s390 architecture (gh#SUSE/spacewalk#19050)
  o Update to upstream release 0.11.0 (jsc#SLE-24791)
  o Add TLS support
  o Switch to logger, please check --log.level and --log.format flags
  o Update to version 0.10.1
  o Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
  o Update to version 0.10.0
  o Add Apache Proxy and other metrics
  o Update to version 0.8.0
  o Change commandline flags
  o Add metrics: Apache version, request duration total
  o Adapted to build on Enterprise Linux 8
  o Require building with Go 1.15
  o Add support for RedHat 8
  o Adjust dependencies on spec file
  o Disable dwarf compression in go build
  o Add support for Red Hat
  o Add %license macro for LICENSE file


  o Do not create PIE for s390x architecture
  o Require Go 1.20 or newer for building
  o Remove not used build flags
  o Create position independent executables (PIE)
  o Disable striping the binaries only for SLE 15 SP3
  o Add System/Monitoring group tag
  o Rework service file to use obscpio
  o Run tar and recompress services at buildtime
  o Do not generate automatically changelog entries
  o Update to version 0.26.0 (jsc#PED-7353): https://github.com/prometheus/
  o CVE-2023-40577: Fix stored XSS via the /api/v1/alerts endpoint in the
    Alertmanager UI (bsc#1218838)
  o Configuration: Fix empty list of receivers and inhibit_rules would cause
    the alertmanager to crash
  o Templating: Fixed a race condition when using the title function. It is now
  o API: Fixed duplicate receiver names in the api/v2/receivers API endpoint
  o API: Attempting to delete a silence now returns the correct status code,
    404 instead of 500
  o Clustering: Fixes a panic when tls_client_config is empty
  o Webhook: url is now marked as a secret. It will no longer show up in the
    logs as clear-text
  o Metrics: New label reason for alertmanager_notifications_failed_total
    metric to indicate the type of error of the alert delivery
  o Clustering: New flag --cluster.label, to help to block any traffic that is
    not meant for the cluster
  o Integrations: Add Microsoft Teams as a supported integration
  o Update to version 0.25.0: https://github.com/prometheus/alertmanager/
  o Fail configuration loading if api_key and api_key_file are defined at the
    same time
  o Fix the alertmanager_alerts metric to avoid counting resolved alerts as
    active. Also added a new alertmanager_marked_alerts metric that retain the
    old behavior
  o Trim contents of Slack API URLs when reading from files
  o amtool: Avoid panic when the label value matcher is empty
  o Fail configuration loading if api_url is empty for OpsGenie
  o Fix email template for resolved notifications
  o Add proxy_url support for OAuth2 in HTTP client configuration
  o Reload TLS certificate and key from disk when updated
  o Add Discord integration
  o Add Webex integration
  o Add min_version support to select the minimum TLS version in HTTP client
  o Add max_version support to select the maximum TLS version in
  o Emit warning logs when truncating messages in notifications
  o Support HEAD method for the /-/healty and /-/ready endpoints
  o Add support for reading global and local SMTP passwords from files
  o UI: Add 'Link' button to alerts in list
  o UI: Allow to choose the first day of the week as Sunday or Monday
  o Update to version 0.24.0: https://github.com/prometheus/alertmanager/
  o Fix HTTP client configuration for the SNS receiver
  o Fix unclosed file descriptor after reading the silences snapshot file
  o Fix field names for mute_time_intervals in JSON marshaling
  o Ensure that the root route doesn't have any matchers
  o Truncate the message's title to 1024 chars to avoid hitting Slack limits
  o Fix the default HTML email template (email.default.html) to match with the
    canonical source
  o Detect SNS FIFO topic based on the rendered value
  o Avoid deleting and recreating a silence when an update is possible
  o api/v2: Return 200 OK when deleting an expired silence
  o amtool: Fix the silence's end date when adding a silence. The end date is
    (start date + duration) while it used to be (current time + duration). The
    new behavior is consistent with the update operation
  o Add the /api/v2 prefix to all endpoints in the OpenAPI specification and
    generated client code
  o Add --cluster.tls-config experimental flag to secure cluster traffic via
    mutual TLS
  o Add Telegram integration
  o CVE-2022-46146: Prevent authentication bypass via cache poisoning (bsc#
  o Do not include sources (bsc#1200725)


  o Remove node_exporter-1.5.0.tar.gz
  o Execute tar and recompress service modules at buildtime
  o Update to 1.5.0 (jsc#PED-3578):
  o NOTE: This changes the Go runtime "GOMAXPROCS" to 1. This is done to limit
    the concurrency of the exporter to 1 CPU thread at a time in order to avoid
    a race condition problem in the Linux kernel (#2500) and parallel IO issues
    on nodes with high numbers of CPUs/CPU threads (#1880).
  o [CHANGE] Default GOMAXPROCS to 1 #2530
  o [FEATURE] Add multiple listeners and systemd socket listener activation #
  o [ENHANCEMENT] Add RTNL version of netclass collector #2492, #2528
  o [BUGFIX] Fix hwmon label sanitizer #2504
  o [BUGFIX] Use native endianness when encoding InetDiagMsg #2508
  o [BUGFIX] Fix btrfs device stats always being zero #2516
  o Update to 1.4.1:
  o [BUGFIX] Fix diskstats exclude flags #2487
  o [SECURITY] CVE-2022-27191, CVE-2022-27664: Update go/x/crypto and go/x/net
    (bsc#1197284, bsc#1203185)
  o [SECURITY] CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
  o Update to 1.4.0:
  o [CHANGE] Merge metrics descriptions in textfile collector #2475
  o [FEATURE] [node-mixin] Add darwin dashboard to mixin #2351
  o [FEATURE] Add "isolated" metric on cpu collector on linux #2251
  o [FEATURE] Add cgroup summary collector #2408
  o [FEATURE] Add selinux collector #2205
  o [FEATURE] Add slab info collector #2376
  o [FEATURE] Add sysctl collector #2425
  o [FEATURE] Also track the CPU Spin time for OpenBSD systems #1971
  o [FEATURE] Add support for MacOS version #2471
  o [ENHANCEMENT] [node-mixin] Add missing selectors #2426
  o [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default #
  o [ENHANCEMENT] [node-mixin] Change disk graph to disk table #2364
  o [ENHANCEMENT] [node-mixin] Change io time units to %util #2375
  o [ENHANCEMENT] Ad user_wired_bytes and laundry_bytes on *bsd #2266
  o [ENHANCEMENT] Add additional vm_stat memory metrics for darwin #2240
  o [ENHANCEMENT] Add device filter flags to arp collector #2254
  o [ENHANCEMENT] Add diskstats include and exclude device flags #2417
  o [ENHANCEMENT] Add node_softirqs_total metric #2221
  o [ENHANCEMENT] Add rapl zone name label option #2401
  o [ENHANCEMENT] Add slabinfo collector #1799
  o [ENHANCEMENT] Allow user to select port on NTP server to query #2270
  o [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev #2404
  o [ENHANCEMENT] Enable builds against older macOS SDK #2327
  o [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name
  o [ENHANCEMENT] systemd: Expose systemd minor version #2282
  o [ENHANCEMENT] Use netlink for tcpstat collector #2322
  o [ENHANCEMENT] Use netlink to get netdev stats #2074
  o [ENHANCEMENT] Add additional perf counters for stalled frontend/backend
    cycles #2191
  o [ENHANCEMENT] Add btrfs device error stats #2193
  o [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and
    fsSpaceAvailableWarning #2352
  o [BUGFIX] Fix concurrency issue in ethtool collector #2289
  o [BUGFIX] Fix concurrency issue in netdev collector #2267
  o [BUGFIX] Fix diskstat reads and write metrics for disks with different
    sector sizes #2311
  o [BUGFIX] Fix iostat on macos broken by deprecation warning #2292
  o [BUGFIX] Fix NodeFileDescriptorLimit alerts #2340
  o [BUGFIX] Sanitize rapl zone names #2299
  o [BUGFIX] Add file descriptor close safely in test #2447
  o [BUGFIX] Fix race condition in os_release.go #2454
  o [BUGFIX] Skip ZFS IO metrics if their paths are missing #2451
  o BuildRequire go1.18 OR HIGHER (previously this was fixed to 1.14)
  o Update to 1.3.1
  o [BUGFIX] Handle nil CPU thermal power status on M1 #2218
  o [BUGFIX] bsd: Ignore filesystems flagged as MNT_IGNORE. #2227
  o [BUGFIX] Sanitize UTF-8 in dmi collector #2229
  o Exclude s390 arch.
  o Update spec file in order to make --version work (bsc#1196652)


  o Update to 2.45.0 (jsc#PED-5406):
  o [FEATURE] API: New limit parameter to limit the number of items returned by
    /api/v1/status/tsdb endpoint.
  o [FEATURE] Config: Add limits to global config.
  o [FEATURE] Consul SD: Added support for path_prefix .
  o [FEATURE] Native histograms: Add option to scrape both classic and native
  o [FEATURE] Native histograms: Added support for two more arithmetic
    operators avg_over_time and sum_over_time .
  o [FEATURE] Promtool: When providing the block id, only one block will be
    loaded and analyzed.
  o [FEATURE] Remote-write: New Azure ad configuration to support remote
    writing directly to Azure Monitor workspace.
  o [FEATURE] TSDB: Samples per chunk are now configurable with flag
    storage.tsdb.samples-per-chunk . By default set to its former value 120.
  o [ENHANCEMENT] Native histograms: bucket size can now be limited to avoid
    scrape fails.
  o [ENHANCEMENT] TSDB: Dropped series are now deleted from the WAL sooner.
  o [BUGFIX] Native histograms: ChunkSeries iterator now checks if a new sample
    can be appended to the open chunk.
  o [BUGFIX] Native histograms: Fix Histogram Appender Appendable() segfault.
  o [BUGFIX] Native histograms: Fix setting reset header to gauge histograms in
  o [BUGFIX] TSDB: Tombstone intervals are not modified after Get() call.
  o [BUGFIX] TSDB: Use path/filepath to set the WAL directory.
  o Update to 2.44.0:
  o [FEATURE] Remote-read: Handle native histograms.
  o [FEATURE] Promtool: Health and readiness check of prometheus server in CLI.
  o [FEATURE] PromQL: Add query_samples_total metric, the total number of
    samples loaded by all queries.
  o [ENHANCEMENT] Storage: Optimise buffer used to iterate through samples.
  o [ENHANCEMENT] Scrape: Reduce memory allocations on target labels.
  o [ENHANCEMENT] PromQL: Use faster heap method for topk() / bottomk() .
  o [ENHANCEMENT] Rules API: Allow filtering by rule name.
  o [ENHANCEMENT] Native Histograms: Various fixes and improvements.
  o [ENHANCEMENT] UI: Search of scraping pools is now case-insensitive.
  o [ENHANCEMENT] TSDB: Add an affirmative log message for successful WAL
  o [BUGFIX] TSDB: Block compaction failed when shutting down.
  o [BUGFIX] TSDB: Out-of-order chunks could be ignored if the write-behind log
    was deleted.
  o Update to 2.43.1
  o [BUGFIX] Labels: Set() after Del() would be ignored, which broke some
    relabeling rules.
  o Update to 2.43.0:
  o [FEATURE] Promtool: Add HTTP client configuration to query commands.
  o [FEATURE] Scrape: Add include_scrape_configs to include scrape configs from
    different files.
  o [FEATURE] HTTP client: Add no_proxy to exclude URLs from proxied requests.
  o [FEATURE] HTTP client: Add proxy_from_enviroment to read proxies from env
  o [ENHANCEMENT] API: Add support for setting lookback delta per query via the
  o [ENHANCEMENT] API: Change HTTP status code from 503/422 to 499 if a request
    is canceled.
  o [ENHANCEMENT] Scrape: Allow exemplars for all metric types.
  o [ENHANCEMENT] TSDB: Add metrics for head chunks and WAL folders size.
  o [ENHANCEMENT] TSDB: Automatically remove incorrect snapshot with index that
    is ahead of WAL.
  o [ENHANCEMENT] TSDB: Improve Prometheus parser error outputs to be more
  o [ENHANCEMENT] UI: Scope group by labels to metric in autocompletion.
  o [BUGFIX] Scrape: Fix prometheus_target_scrape_pool_target_limit metric not
    set before reloading.
  o [BUGFIX] TSDB: Correctly update prometheus_tsdb_head_chunks_removed_total
    and prometheus_tsdb_head_chunks metrics when reading WAL.
  o [BUGFIX] TSDB: Use the correct unit (seconds) when recording out-of-order
    append deltas in the prometheus_tsdb_sample_ooo_delta metric.
  o Update to 2.42.0: This release comes with a bunch of feature coverage for
    native histograms and breaking changes. If you are trying native histograms
    already, we recommend you remove the wal directory when upgrading. Because
    the old WAL record for native histograms is not backward compatible in
    v2.42.0, this will lead to some data loss for the latest data.
    Additionally, if you scrape "float histograms" or use recording rules on
    native histograms in v2.42.0 (which writes float histograms), it is a
    one-way street since older versions do not support float histograms.
  o [CHANGE] breaking TSDB: Changed WAL record format for the experimental
    native histograms.
  o [FEATURE] Add 'keep_firing_for' field to alerting rules.
  o [FEATURE] Promtool: Add support of selecting timeseries for TSDB dump.
  o [ENHANCEMENT] Agent: Native histogram support.
  o [ENHANCEMENT] Rules: Support native histograms in recording rules.
  o [ENHANCEMENT] SD: Add container ID as a meta label for pod targets for
  o [ENHANCEMENT] SD: Add VM size label to azure service discovery.
  o [ENHANCEMENT] Support native histograms in federation.
  o [ENHANCEMENT] TSDB: Add gauge histogram support.
  o [ENHANCEMENT] TSDB/Scrape: Support FloatHistogram that represents buckets
    as float64 values.
  o [ENHANCEMENT] UI: Show individual scrape pools on /targets page.
  o Update to 2.41.0:
  o [FEATURE] Relabeling: Add keepequal and dropequal relabel actions.
  o [FEATURE] Add support for HTTP proxy headers.
  o [ENHANCEMENT] Reload private certificates when changed on disk.
  o [ENHANCEMENT] Add max_version to specify maximum TLS version in tls_config.
  o [ENHANCEMENT] Add goos and goarch labels to prometheus_build_info.
  o [ENHANCEMENT] SD: Add proxy support for EC2 and LightSail SDs.
  o [ENHANCEMENT] SD: Add new metric prometheus_sd_file_watcher_errors_total.
  o [ENHANCEMENT] Remote Read: Use a pool to speed up marshalling.
  o [ENHANCEMENT] TSDB: Improve handling of tombstoned chunks in iterators.
  o [ENHANCEMENT] TSDB: Optimize postings offset table reading.
  o [BUGFIX] Scrape: Validate the metric name, label names, and label values
    after relabeling.
  o [BUGFIX] Remote Write receiver and rule manager: Fix error handling.
  o Update to 2.40.7:
  o [BUGFIX] TSDB: Fix queries involving negative buckets of native histograms.
  o Update to 2.40.5:
  o [BUGFIX] TSDB: Fix queries involving native histograms due to improper
    reset of iterators.
  o Update to 2.40.3:
  o [BUGFIX] TSDB: Fix compaction after a deletion is called.
  o Update to 2.40.2:
  o [BUGFIX] UI: Fix black-on-black metric name color in dark mode.
  o Update to 2.40.1:
  o [BUGFIX] TSDB: Fix alignment for atomic int64 for 32 bit architecture.
  o [BUGFIX] Scrape: Fix accept headers.
  o Update to 2.40.0:
  o [FEATURE] Add experimental support for native histograms. Enable with the
    flag --enable-feature=native-histograms.
  o [FEATURE] SD: Add service discovery for OVHcloud.
  o [ENHANCEMENT] Kubernetes SD: Use protobuf encoding.
  o [ENHANCEMENT] TSDB: Use golang.org/x/exp/slices for improved sorting speed.
  o [ENHANCEMENT] Consul SD: Add enterprise admin partitions. Adds
    __meta_consul_partition label. Adds partition config in consul_sd_config.
  o [BUGFIX] API: Fix API error codes for /api/v1/labels and /api/v1/series.
  o Update to 2.39.1:
  o [BUGFIX] Rules: Fix notifier relabel changing the labels on active alerts.
  o Update to 2.39.0:
  o [FEATURE] experimental TSDB: Add support for ingesting out-of-order
    samples. This is configured via out_of_order_time_window field in the
    config file; check config file docs for more info.
  o [ENHANCEMENT] API: /-/healthy and /-/ready API calls now also respond to a
    HEAD request on top of existing GET support.
  o [ENHANCEMENT] PuppetDB SD: Add __meta_puppetdb_query label.
  o [ENHANCEMENT] AWS EC2 SD: Add __meta_ec2_region label.
  o [ENHANCEMENT] AWS Lightsail SD: Add __meta_lightsail_region label.
  o [ENHANCEMENT] Scrape: Optimise relabeling by re-using memory.
  o [ENHANCEMENT] TSDB: Improve WAL replay timings.
  o [ENHANCEMENT] TSDB: Optimise memory by not storing unnecessary data in the
  o [ENHANCEMENT] TSDB: Allow overlapping blocks by default.
    --storage.tsdb.allow-overlapping-blocks now has no effect.
  o [ENHANCEMENT] UI: Click to copy label-value pair from query result to
  o [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
  o [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
  o [BUGFIX] PromQL: Properly close file descriptor when logging unfinished
  o [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing
    more than desired.
  o Update to 2.38.0:
  o [FEATURE]: Web: Add a /api/v1/format_query HTTP API endpoint that allows
    pretty-formatting PromQL expressions.
  o [FEATURE]: UI: Add support for formatting PromQL expressions in the UI.
  o [FEATURE]: DNS SD: Support MX records for discovering targets.
  o [FEATURE]: Templates: Add toTime() template function that allows converting
    sample timestamps to Go time.Time values.
  o [ENHANCEMENT]: Kubernetes SD: Add __meta_kubernetes_service_port_number
    meta label indicating the service port number.
    __meta_kubernetes_pod_container_image meta label indicating the container
  o [ENHANCEMENT]: PromQL: When a query panics, also log the query itself
    alongside the panic message.
  o [ENHANCEMENT]: UI: Tweak colors in the dark theme to improve the contrast
  o [ENHANCEMENT]: Web: Speed up calls to /api/v1/rules by avoiding locks and
    using atomic types instead.
  o [ENHANCEMENT]: Scrape: Add a no-default-scrape-port feature flag, which
    omits or removes any default HTTP (:80) or HTTPS (:443) ports in the
    target's scrape address.
  o [BUGFIX]: TSDB: In the WAL watcher metrics, expose the type="exemplar"
    label instead of type="unknown" for exemplar records.
  o [BUGFIX]: TSDB: Fix race condition around allocating series IDs during
    chunk snapshot loading.
  o Remove npm_licenses.tar.bz2 during "make clean"
  o Remove web-ui archives during "make clean".
  o Require promu >= 0.14.0 for building
  o Upgrade to version 2.37.6
  o Require Go 1.19
  o Upgrade to version 2.37.5
  o [SECURITY] Security upgrade from go and upstream dependencies that include
    security fixes to the net/http and os packages.
  o Upgrade to version 2.37.4
  o [SECURITY] CVE-2022-46146: Fix basic authentication bypass vulnerability
    (bsc#1208049, jsc#PED-3576)
  o Upgrade to version 2.37.3
  o [BUGFIX] CVE-2022-41715: Update our regexp library to fix upstream
    vulnerability (bnc#1204023)
  o [BUGFIX] TSDB: Turn off isolation for Head compaction to fix a memory leak.
  o Upgrade to version 2.37.2
  o [BUGFIX] TSDB: Fix 'invalid magic number 0' error on Prometheus startup.
  o [BUGFIX] Agent: Fix validation of flag options and prevent WAL from growing
    more than desired.
  o Upgrade to version 2.37.1
  o [BUGFIX] Properly close file descriptor when logging unfinished queries.
  o [BUGFIX] TSDB: In the WAL watcher metrics, expose the
  o Upgrade to version 2.37.0
  o [FEATURE] Nomad SD: New service discovery for Nomad built-in service
  o [ENHANCEMENT] Kubernetes SD: Allow attaching node labels for endpoint role.
  o [ENHANCEMENT] PromQL: Optimise creation of signature with/without labels.
  o [ENHANCEMENT] TSDB: Memory optimizations.
  o [ENHANCEMENT] TSDB: Reduce sleep time when reading WAL.
  o [ENHANCEMENT] OAuth2: Add appropriate timeouts and User-Agent header.
  o [BUGFIX] Alerting: Fix Alertmanager targets not being updated when alerts
    were queued.
  o [BUGFIX] Hetzner SD: Make authentication files relative to Prometheus
    config file.
  o [BUGFIX] Promtool: Fix promtool check config not erroring properly on
  o [BUGFIX] Scrape: Keep relabeled scrape interval and timeout on reloads.
  o [BUGFIX] TSDB: Don't increment prometheus_tsdb_compactions_failed_total
    when context is canceled.
  o [BUGFIX] TSDB: Fix panic if series is not found when deleting series.
  o [BUGFIX] TSDB: Increase prometheus_tsdb_mmap_chunk_corruptions_total on out
    of sequence errors.
  o [BUGFIX] Uyuni SD: Make authentication files relative to Prometheus
    configuration file and fix default configuration values.
  o Upgrade to version 2.36.2
  o [BUGFIX] Fix serving of static assets like fonts and favicon.
  o Upgrade to version 2.36.1
  o [BUGFIX] promtool: Add --lint-fatal option.
  o Upgrade to version 2.36.0
  o [FEATURE] Add lowercase and uppercase relabel action.
  o [FEATURE] SD: Add IONOS Cloud integration.
  o [FEATURE] SD: Add Vultr integration.
  o [FEATURE] SD: Add Linode SD failure count metric.
  o [FEATURE] Add prometheus_ready metric.
  o [ENHANCEMENT] Add stripDomain to template function.
  o [ENHANCEMENT] UI: Enable active search through dropped targets.
  o [ENHANCEMENT] promtool: support matchers when querying label
  o [ENHANCEMENT] Add agent mode identifier.
  o [BUGFIX] Changing TotalQueryableSamples from int to int64.
  o [BUGFIX] tsdb/agent: Ignore duplicate exemplars.
  o [BUGFIX] TSDB: Fix chunk overflow appending samples at a variable rate.
  o [BUGFIX] Stop rule manager before TSDB is stopped.
  o Upgrade to version 2.35.0
  o [CHANGE] TSDB: Delete *.tmp WAL files when Prometheus starts.
  o [CHANGE] promtool: Add new flag --lint (enabled by default) for the
    commands check rules and check config, resulting in a new exit code (3) for
    linter errors.
  o [FEATURE] Support for automatically setting the variable GOMAXPROCS to the
    container CPU limit. Enable with the flag --enable-feature=auto-gomaxprocs.
  o [FEATURE] PromQL: Extend statistics with total and peak number of samples
    in a query. Additionally, per-step statistics are available with
    --enable-feature=promql-per-step-stats and using stats=all in the query
    API. Enable with the flag --enable-feature=per-step-stats.
  o [ENHANCEMENT] TSDB: more efficient sorting of postings read from WAL at
  o [ENHANCEMENT] Azure SD: Add metric to track Azure SD failures.
  o [ENHANCEMENT] Azure SD: Add an optional resource_group configuration.
  o [ENHANCEMENT] Kubernetes SD: Support discovery.k8s.io/v1 EndpointSlice
    (previously only discovery.k8s.io/v1beta1 EndpointSlice was supported).
  o [ENHANCEMENT] Kubernetes SD: Allow attaching node metadata to discovered
  o [ENHANCEMENT] OAuth2: Support for using a proxy URL to fetch OAuth2 tokens.
  o [ENHANCEMENT] Configuration: Add the ability to disable HTTP2.
  o [ENHANCEMENT] Config: Support overriding minimum TLS version.
  o [BUGFIX] Kubernetes SD: Explicitly include gcp auth from k8s.io.
  o [BUGFIX] Fix OpenMetrics parser to sort uppercase labels correctly.
  o [BUGFIX] UI: Fix scrape interval and duration tooltip not showing on target
  o [BUGFIX] Tracing/GRPC: Set TLS credentials only when insecure is false.
  o [BUGFIX] Agent: Fix ID collision when loading a WAL with multiple segments.
  o [BUGFIX] Remote-write: Fix a deadlock between Batch and flushing the queue.
  o Upgrade to version 2.34.0
  o [CHANGE] UI: Classic UI removed.
  o [CHANGE] Tracing: Migrate from Jaeger to OpenTelemetry based tracing.
  o [ENHANCEMENT] TSDB: Disable the chunk write queue by default and allow
    configuration with the experimental flag
  o [ENHANCEMENT] HTTP SD: Add a failure counter.
  o [ENHANCEMENT] Azure SD: Set Prometheus User-Agent on requests.
  o [ENHANCEMENT] Uyuni SD: Reduce the number of logins to Uyuni.
  o [ENHANCEMENT] Scrape: Log when an invalid media type is encountered during
    a scrape.
  o [ENHANCEMENT] Scrape: Accept application/openmetrics-text;version=1.0.0 in
    addition to version=0.0.1.
  o [ENHANCEMENT] Remote-read: Add an option to not use external labels as
    selectors for remote read.
  o [ENHANCEMENT] UI: Optimize the alerts page and add a search bar.
  o [ENHANCEMENT] UI: Improve graph colors that were hard to see.
  o [ENHANCEMENT] Config: Allow escaping of $ with $$ when using environment
    variables with external labels.
  o [BUGFIX] PromQL: Properly return an error from histogram_quantile when
    metrics have the same labelset.
  o [BUGFIX] UI: Fix bug that sets the range input to the resolution.
  o [BUGFIX] TSDB: Fix a query panic when memory-snapshot-on-shutdown is
  o [BUGFIX] Parser: Specify type in metadata parser errors.
  o [BUGFIX] Scrape: Fix label limit changes not applying.
  o Upgrade to version 2.33.5
  o [BUGFIX] Remote-write: Fix deadlock between adding to queue and getting
  o Upgrade to version 2.33.4
  o [BUGFIX] TSDB: Fix panic when m-mapping head chunks onto the disk.
  o Upgrade to version 2.33.3
  o [BUGFIX] Azure SD: Fix a regression when public IP Address isn't set.
  o Upgrade to version 2.33.2
  o [BUGFIX] Azure SD: Fix panic when public IP Address isn't set.
  o [BUGFIX] Remote-write: Fix deadlock when stopping a shard.
  o Upgrade to version 2.33.1
  o [BUGFIX] SD: Fix no such file or directory in K8s SD when not running
    inside K8s.
  o Upgrade to version 2.33.0
  o [CHANGE] PromQL: Promote negative offset and @ modifer to stable features.
  o [CHANGE] Web: Promote remote-write-receiver to stable.
  o [FEATURE] Config: Add stripPort template function.
  o [FEATURE] Promtool: Add cardinality analysis to check metrics, enabled by
    flag --extended.
  o [FEATURE] SD: Enable target discovery in own K8s namespace.
  o [FEATURE] SD: Add provider ID label in K8s SD.
  o [FEATURE] Web: Add limit field to the rules API.
  o [ENHANCEMENT] Remote-write: Avoid allocations by buffering concrete structs
    instead of interfaces.
  o [ENHANCEMENT] Remote-write: Log time series details for out-of-order
    samples in remote write receiver.
  o [ENHANCEMENT] Remote-write: Shard up more when backlogged.
  o [ENHANCEMENT] TSDB: Use simpler map key to improve exemplar ingest
  o [ENHANCEMENT] TSDB: Avoid allocations when popping from the intersected
    postings heap.
  o [ENHANCEMENT] TSDB: Make chunk writing non-blocking, avoiding latency
    spikes in remote-write.
  o [ENHANCEMENT] TSDB: Improve label matching performance.
  o [ENHANCEMENT] UI: Optimize the service discovery page and add a search bar.
  o [ENHANCEMENT] UI: Optimize the target page and add a search bar.
  o [BUGFIX] Promtool: Make exit codes more consistent.
  o [BUGFIX] Promtool: Fix flakiness of rule testing.
  o [BUGFIX] Remote-write: Update
    prometheus_remote_storage_queue_highest_sent_timestamp_seconds metric when
    write irrecoverably fails.
  o [BUGFIX] Storage: Avoid panic in BufferedSeriesIterator.
  o [BUGFIX] TSDB: CompactBlockMetas should produce correct mint/maxt for
    overlapping blocks.
  o [BUGFIX] TSDB: Fix logging of exemplar storage size.
  o [BUGFIX] UI: Fix overlapping click targets for the alert state checkboxes.
  o [BUGFIX] UI: Fix Unhealthy filter on target page to actually display only
    Unhealthy targets.
  o [BUGFIX] UI: Fix autocompletion when expression is empty.
  o [BUGFIX] TSDB: Fix deadlock from simultaneous GC and write.
  o CVE-2022-46146: Fix authentication bypass by updating Prometheus Exporter
    Toolkit to version 0.7.3 (bsc#1208049)
  o CVE-2022-41723: Fix uncontrolled resource consumption by updating Go to
    version 1.20.1 (bsc#1208298)


  o Always set user and host build metadata to constant string to achieve
    reproducible builds (compare reproducible-builds.org)
  o Add 0001-do_not_discover_user_host_for_reproducible_builds.patch
  o Require Go >= 1.19 for building
  o Require Go >= 1.18 for building Red Hat packages
  o Update to version 0.14.0 (jsc#PED-3576):
  o Add the ability to override tags per GOOS
  o Remove ioutil
  o Update common Prometheus files (#232) (#224)
  o Validate environment variable value
  o Set build date from SOURCE_DATE_EPOCH
  o Update to Go 1.18
  o Exclude s390 architecture.
  o Set build date from last changelog modification (bsc#1047218)
  o Adapted for Enterprise Linux build.
  o Build requires Go 1.15
  o Make extldflags extensible by configuration. #125
  o Avoid bind-mounting to allow building with a remote docker engine #95
  o Update to 0.2.0
  o Features:
      ? Adding changes to support s390x
      ? Add option to disable static linking
      ? Add support for 32bit MIPS.
      ? Added check_licenses Command to Promu
  o Enhancements:
      ? Allow to customize nested options via env variables
      ? Bump Go version to 1.11
      ? Add warning if promu info is unable to determine repo info
  o Bug Fixes:
      ? Fix build on SmartOS by not setting gcc's -static flag
      ? Fix git repository url parsing
  o Update to 0.1.0
  o Initial version


  o Update to version 9.5.8:
  o Please, check the release notes for further details.
  o Security fixes provided in this and previous versions:
      ? CVE-2023-3128: Authentication bypass using Azure AD OAuth (bsc#1212641,
      ? CVE-2023-2801: Prevent crash while executing concurrent mixed queries
      ? CVE-2023-2183: Require alert.notifications:write permissions to test
        receivers and templates (bsc#1212100)
      ? CVE-2023-1387: JWT URL-login flow leaks token to data sources through
        request parameter in proxy requests (bsc#1210907, jsc#PED-3694)
      ? CVE-2023-1410: Stored XSS in Graphite FunctionDescription tooltip (bsc#
      ? CVE-2020-7753: Regular Expression Denial of Service (ReDoS) in trim
        function (bsc#1218843)
      ? CVE-2021-3807: Regular expressionDdenial of Service (ReDoS) matching
        ANSI escape codes (bsc#1192154)
      ? CVE-2021-3918: Improperly Controlled Modification of Object Prototype
        Attributes (bsc#1192696)
      ? CVE-2021-43138: A malicious user can obtain privileges via the
        mapValues() method (bsc#1200480)
      ? CVE-2022-0155: Exposure of Private Personal Information to an
        Unauthorized Actor (bsc#1218844)
      ? CVE-2022-31107: OAuth account takeover (bsc#1201539)
      ? CVE-2022-31097: Stored XSS vulnerability (bsc#1201535)
      ? CVE-2023-1410: Fix XSS in Graphite functions tooltip (bsc#1209645)
      ? CVE-2023-0507: Apply attribute sanitation to GeomapPanel (bsc#1208821)
      ? CVE-2023-0594: Avoid storing XSS in TraceView panel (bsc#1208819)
      ? CVE-2022-46146: Fix basic authentication bypass by updating the
        exporter toolkit to version 0.7.3 (bsc#1208065)
      ? CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)
      ? CVE-2022-23552: SVG: Add dompurify preprocessor step (bsc#1207749)
      ? CVE-2022-39324: Snapshots: Fix originalUrl spoof security issue (bsc#
      ? CVE-2022-39306: Fix for privilege escalation (bsc#1205225)
      ? CVE-2022-39307: Omit error from http response when user does not exists
      ? CVE-2022-39201: Fix do not forward login cookie in outgoing requests
      ? CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers
      ? CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
      ? CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304)
      ? CVE-2022-36062: RBAC folders/dashboards privilege escalation (bsc#
        1203596, jsc#PED-2145)
      ? CVE-2022-35957: Escalation from admin to server admin when auth proxy
        is used (bsc#1203597, jsc#PED-2145)
      ? CVE-2022-31107: OAuth account takeover (bsc#1201539)
      ? CVE-2022-31097: Stored XSS vulnerability (bsc#1201535)
      ? CVE-2022-29170: Request security bypass via malicious redirect (bsc#
      ? CVE-2022-31097: XSS vulnerability in the Unified Alerting (bsc#1201535)
      ? CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
      ? CVE-2022-21702: XSS vulnerability in handling data sources (bsc#
        1195726, jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
      ? CVE-2022-21703: Cross-origin request forgery vulnerability (bsc#
      ? CVE-2022-21713: Insecure Direct Object Reference vulnerability in Teams
        API (bsc#1195728)
      ? CVE-2022-21673: GetUserInfo: return an error if no user was found (bsc#
      ? CVE-2021-43813: Directory traversal vulnerability for .md files (bsc#
      ? CVE-2021-43815: Directory traversal for .csv files (bsc#1193686)
      ? CVE-2021-43798: arbitrary file read in the graph native plugin (bsc#
      ? CVE-2021-43798: Arbitrary file read in the graph native plugin (bsc#
      ? CVE-2021-41244: Grafana 8.2.4 released with security fixes (bsc#
      ? Security: Fixes CVE-2021-41174, bsc#1192383.
      ? Security: Update dependencies to fix CVE-2021-36222, bsc#1188571.


  o Update to version 0.1.1687520761.cefb248
  o Add osimage cert package to bootstrap for SUSE Linux Enterprise 12 images
  o Update to version 0.1.1673279145.e7616bd
  o Add failsafe stop file when salt-minion does not stop (bsc#1172110)
  o Update to version 0.1.1661440542.6cbe0da
  o Use standard susemanager.conf
  o Use salt bundle
  o Add support fo VirtIO disks


  o Version 5.0.1-1
  o Bump version to 5.0.0
  o Version 4.4.6-1
  o Remove unused makefiles
  o Version 4.4.5-1
  o Use http to connect to localhost server
  o Use bundle CA certificate in rhnpush
  o Version 4.4.4-1
  o remove pylint check at build time
  o Version 4.4.3-1
  o Ensure installation of make for building
  o Version 4.4.2-1
  o Update translation strings
  o Version 4.4.1-1
  o Bump version to 4.4.0


  o Use obscpio for go modules service
  o Set version number
  o Set build date from SOURCE_DATE_EPOCH
  o Update to 0.24.0 (bsc#1212279, jsc#PED-4556)
  o Requires go1.19
  o Avoid empty validation script
  o Add rc symlink for backwards compatibility
  o Fix authentication bypass via cache poisoning (CVE-2022-46146, bsc#1208062)
  o Add min_version parameter of tls_config to allow enabling TLS 1.0 and 1.1
  o On SUSE Linux Enterprise build always with Go >= 1.19 (bsc#1203599)
  o Build with go1.18 only for SLE-15-SP3 and build with >= go1.19 on higher SP
  o Require go1.18 (bsc#1203599, GH#19127)
  o Exclude s390 arch
  o Fix %pre section to avoid empty content
  o Updated to allow building on older rpmbuild.
  o Enhanced to build on Enterprise Linux 8


  o Remove duplicated call to systemd requirements
  o Do not build debug if RHEL >= 8
  o Do not strip if SUSE Linux Enterprise 15 SP3
  o Build at least with with Go >= 1.18 on RHEL
  o Build with Go >= 1.20 elsewhere
  o Adapt the systemd service security configuration to be able to start it on
    RHEL systems and clones
  o Create the prometheus user for RHEL systems and clones
  o Add 0001-Update-prometheus-exporter-toolkit-to-0.7.3.patch
  o Fix authentication bypass via cache poisoning (CVE-2022-46146, bsc#1208060)
  o Fix _service to pull correct version
  o Use go_modules source service
  o Upgrade to version 0.10.1:
  o Fix broken log-level for values other than debug (bsc#1208965)
  o Version/release lines above first usage of those macros. gh#uyuni-project/
  o Prevent empty %pre section
  o Exclude s390 builds
  o Updated for RHEL8.


  o Declare the LICENSE file as license and not doc


  o Version 5.0.1-1
  o Specify a packager for Debian like distros
  o Version 4.4.6-1
  o Remove unused makefiles
  o Version 4.4.5-1
  o Use bundle CA certificate in rhnpush
  o Version 4.4.4-1
  o Only use TLSv1+ for SSL connections
  o Version 4.4.3-1
  o Ensure installation of make for building
  o Version 4.4.2-1
  o Don't get stuck at the end of SSL transfers (bsc#1204032)
  o Version 4.4.1-1
  o Bump version to 4.4.0


  o Version 5.0.1-1
  o Use localhost without ssl when running on the server
  o Version 4.4.10-1
  o Update translation strings
  o Version 4.4.9-1
  o Version 4.4.8-1
  o Add spacecmd function: cryptokey_update
  o Bypass traditional systems check on older SUMA instances (bsc#1208612)
  o fix argument parsing of distribution_update (bsc#1210458)
  o Version 4.4.7-1
  o remove pylint check at build time
  o Display activation key details after executing the corresponding command
  o Show targetted packages before actually removing them (bsc#1207830)
  o Version 4.4.6-1
  o Fix spacecmd not showing any output for softwarechannel_diff and
    softwarechannel_errata_diff (bsc#1207352)
  o Version 4.4.5-1
  o Prevent string api parameters to be parsed as dates if not in ISO-8601
    format (bsc#1205759)
  o Add python-dateutil dependency, required to process date values in spacecmd
    api calls
  o Remove python3-simplejson dependency
  o Version 4.4.4-1
  o Correctly understand 'ssm' keyword on scap scheduling
  o Add vendor_advisory information to errata_details call (bsc#1205207)
  o Change default port of "Containerized Proxy configuration" 8022
  o Version 4.4.3-1
  o Added two missing options to schedule product migration:
    allow-vendor-change and remove-products-without-successor (bsc#1204126)
  o Changed schedule product migration to use the correct API method
  o Fix dict_keys not supporting indexing in systems_setconfigchannelorger
  o Added a warning message for traditional stack deprecation
  o Remove "Undefined return code" from debug messages (bsc#1203283)
  o Version 4.4.2-1
  o Stop always showing help for valid proxy_container_config calls
  o Version 4.4.1-1
  o Process date values in spacecmd api calls (bsc#1198903)
  o Improve Proxy FQDN hint message
  o Version 4.3.14-1
  o Fix missing argument on system_listmigrationtargets (bsc#1201003)
  o Show correct help on calling kickstart_importjson with no arguments
  o Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
  o Change proxy container config default filename to end with tar.gz
  o Version 4.3.13-1
  o Update translation strings
  o Version 4.3.12-1
  o Update translation strings
  o Version 4.3.11-1
  o on full system update call schedulePackageUpdate API (bsc#1197507)


  o Version 5.0.1-1
  o Bump version to 5.0.0
  o Version 4.4.7-1
  o Remove unused and deprecated/removed platform.dist import.
  o Version 4.4.6-1
  o Update translation strings
  o Tito requires to list the package source as %{name}-%{version}.tar.gz
  o Version 4.4.5-1
  o remove mgr-virtualization usage
  o remove dependency to suseRegisterInfo
  o Version 4.4.4-1
  o Update translation strings
  o Version 4.4.3-1
  o Update translation strings
  o Version 4.4.2-1
  o Update translation strings
  o Version 4.4.1-1
  o Update translation strings
  o Version 4.3.11-1
  o Update translation strings
  o Version 4.3.10-1


  o Update to version 1.2.2
  o Remove possible passwords from Salt configuration files (bsc#1201059)
  o Update to version 1.2.1
  o Remove ERROR messages on Salt client systems
  o Declare the LICENSE file as license and not doc
  o Update to version 1.2.0
  o Add support for Salt Bundle


  o Version 5.0.1-1
  o Bump version to 5.0.0
  o Version 4.4.2-1
  o write configured crypto-policy in supportconfig
  o add cloud and payg checks
  o Version 4.4.1-1
  o Bump version to 4.4.0
  o Version 4.3.2-1
  o Add proxy containers config and logs


  o Version 5.0.1-1
  o Bump version to 5.0.0
  o Version 4.4.4-1
  o Workaround for python3-debian bug about collecting control file (bsc#
    1211525, bsc#1208692)
  o Accept missing rhn.conf file
  o Use context manager for apache users in fileutils.py.
  o Version 4.4.3-1
  o Ensure installation of make for building.
  o Use versioned Python during packaging.
  o Version 4.4.2-1
  o unify user notification code on java side
  o Version 4.4.1-1
  o Do not allow creating path if nonexistent user or group in fileutils.
  o Version 4.3.5-1
  o Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  o SUSE Manager Client Tools Beta for SLE 12
    zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2024-191=1

Package List:

  o SUSE Manager Client Tools Beta for SLE 12 (aarch64 ppc64le s390x x86_64)
      ? prometheus-blackbox_exporter-0.24.0-3.6.3
      ? golang-github-lusitaniae-apache_exporter-1.0.0-4.12.4
      ? grafana-9.5.8-4.21.2
      ? golang-github-prometheus-alertmanager-0.26.0-4.12.4
      ? prometheus-postgres_exporter-0.10.1-3.6.4
      ? golang-github-prometheus-node_exporter-1.5.0-4.15.4
      ? golang-github-boynux-squid_exporter-1.6-4.9.2
      ? python2-uyuni-common-libs-5.0.1-3.33.3
      ? golang-github-QubitProducts-exporter_exporter-0.4.0-4.6.2
      ? prometheus-blackbox_exporter-debuginfo-0.24.0-3.6.3
      ? golang-github-prometheus-promu-0.14.0-4.12.2
      ? golang-github-prometheus-prometheus-2.45.0-4.33.3
  o SUSE Manager Client Tools Beta for SLE 12 (noarch)
      ? spacecmd-5.0.1-41.42.3
      ? python2-rhnlib-5.0.1-24.30.3
      ? system-user-prometheus-1.0.0-3.7.2
      ? python2-mgr-push-5.0.1-4.21.4
      ? python2-hwdata-2.3.5-15.12.2
      ? supportutils-plugin-salt-1.2.2-9.9.2
      ? system-user-grafana-1.0.0-3.7.2
      ? kiwi-desc-saltboot-0.1.1687520761.cefb248-4.15.2
      ? mgr-push-5.0.1-4.21.4
      ? supportutils-plugin-susemanager-client-5.0.1-9.15.2


  o https://www.suse.com/security/cve/CVE-2020-7753.html
  o https://www.suse.com/security/cve/CVE-2021-36222.html
  o https://www.suse.com/security/cve/CVE-2021-3711.html
  o https://www.suse.com/security/cve/CVE-2021-3807.html
  o https://www.suse.com/security/cve/CVE-2021-3918.html
  o https://www.suse.com/security/cve/CVE-2021-39226.html
  o https://www.suse.com/security/cve/CVE-2021-41174.html
  o https://www.suse.com/security/cve/CVE-2021-41244.html
  o https://www.suse.com/security/cve/CVE-2021-43138.html
  o https://www.suse.com/security/cve/CVE-2021-43798.html
  o https://www.suse.com/security/cve/CVE-2021-43813.html
  o https://www.suse.com/security/cve/CVE-2021-43815.html
  o https://www.suse.com/security/cve/CVE-2022-0155.html
  o https://www.suse.com/security/cve/CVE-2022-21673.html
  o https://www.suse.com/security/cve/CVE-2022-21698.html
  o https://www.suse.com/security/cve/CVE-2022-21702.html
  o https://www.suse.com/security/cve/CVE-2022-21703.html
  o https://www.suse.com/security/cve/CVE-2022-21713.html
  o https://www.suse.com/security/cve/CVE-2022-23552.html
  o https://www.suse.com/security/cve/CVE-2022-27191.html
  o https://www.suse.com/security/cve/CVE-2022-27664.html
  o https://www.suse.com/security/cve/CVE-2022-29170.html
  o https://www.suse.com/security/cve/CVE-2022-31097.html
  o https://www.suse.com/security/cve/CVE-2022-31107.html
  o https://www.suse.com/security/cve/CVE-2022-31123.html
  o https://www.suse.com/security/cve/CVE-2022-31130.html
  o https://www.suse.com/security/cve/CVE-2022-32149.html
  o https://www.suse.com/security/cve/CVE-2022-35957.html
  o https://www.suse.com/security/cve/CVE-2022-36062.html
  o https://www.suse.com/security/cve/CVE-2022-39201.html
  o https://www.suse.com/security/cve/CVE-2022-39229.html
  o https://www.suse.com/security/cve/CVE-2022-39306.html
  o https://www.suse.com/security/cve/CVE-2022-39307.html
  o https://www.suse.com/security/cve/CVE-2022-39324.html
  o https://www.suse.com/security/cve/CVE-2022-41715.html
  o https://www.suse.com/security/cve/CVE-2022-41723.html
  o https://www.suse.com/security/cve/CVE-2022-46146.html
  o https://www.suse.com/security/cve/CVE-2023-0507.html
  o https://www.suse.com/security/cve/CVE-2023-0594.html
  o https://www.suse.com/security/cve/CVE-2023-1387.html
  o https://www.suse.com/security/cve/CVE-2023-1410.html
  o https://www.suse.com/security/cve/CVE-2023-2183.html
  o https://www.suse.com/security/cve/CVE-2023-2801.html
  o https://www.suse.com/security/cve/CVE-2023-3128.html
  o https://www.suse.com/security/cve/CVE-2023-40577.html
  o https://bugzilla.suse.com/show_bug.cgi?id=1047218
  o https://bugzilla.suse.com/show_bug.cgi?id=1172110
  o https://bugzilla.suse.com/show_bug.cgi?id=1188571
  o https://bugzilla.suse.com/show_bug.cgi?id=1189520
  o https://bugzilla.suse.com/show_bug.cgi?id=1191454
  o https://bugzilla.suse.com/show_bug.cgi?id=1192154
  o https://bugzilla.suse.com/show_bug.cgi?id=1192383
  o https://bugzilla.suse.com/show_bug.cgi?id=1192696
  o https://bugzilla.suse.com/show_bug.cgi?id=1192763
  o https://bugzilla.suse.com/show_bug.cgi?id=1193492
  o https://bugzilla.suse.com/show_bug.cgi?id=1193686
  o https://bugzilla.suse.com/show_bug.cgi?id=1193688
  o https://bugzilla.suse.com/show_bug.cgi?id=1194873
  o https://bugzilla.suse.com/show_bug.cgi?id=1195726
  o https://bugzilla.suse.com/show_bug.cgi?id=1195727
  o https://bugzilla.suse.com/show_bug.cgi?id=1195728
  o https://bugzilla.suse.com/show_bug.cgi?id=1196338
  o https://bugzilla.suse.com/show_bug.cgi?id=1196652
  o https://bugzilla.suse.com/show_bug.cgi?id=1197507
  o https://bugzilla.suse.com/show_bug.cgi?id=1198903
  o https://bugzilla.suse.com/show_bug.cgi?id=1199810
  o https://bugzilla.suse.com/show_bug.cgi?id=1200480
  o https://bugzilla.suse.com/show_bug.cgi?id=1200591
  o https://bugzilla.suse.com/show_bug.cgi?id=1200725
  o https://bugzilla.suse.com/show_bug.cgi?id=1201003
  o https://bugzilla.suse.com/show_bug.cgi?id=1201059
  o https://bugzilla.suse.com/show_bug.cgi?id=1201535
  o https://bugzilla.suse.com/show_bug.cgi?id=1201539
  o https://bugzilla.suse.com/show_bug.cgi?id=1203283
  o https://bugzilla.suse.com/show_bug.cgi?id=1203596
  o https://bugzilla.suse.com/show_bug.cgi?id=1203597
  o https://bugzilla.suse.com/show_bug.cgi?id=1203599
  o https://bugzilla.suse.com/show_bug.cgi?id=1204032
  o https://bugzilla.suse.com/show_bug.cgi?id=1204089
  o https://bugzilla.suse.com/show_bug.cgi?id=1204126
  o https://bugzilla.suse.com/show_bug.cgi?id=1204302
  o https://bugzilla.suse.com/show_bug.cgi?id=1204303
  o https://bugzilla.suse.com/show_bug.cgi?id=1204304
  o https://bugzilla.suse.com/show_bug.cgi?id=1204305
  o https://bugzilla.suse.com/show_bug.cgi?id=1204501
  o https://bugzilla.suse.com/show_bug.cgi?id=1205207
  o https://bugzilla.suse.com/show_bug.cgi?id=1205225
  o https://bugzilla.suse.com/show_bug.cgi?id=1205227
  o https://bugzilla.suse.com/show_bug.cgi?id=1205759
  o https://bugzilla.suse.com/show_bug.cgi?id=1207352
  o https://bugzilla.suse.com/show_bug.cgi?id=1207749
  o https://bugzilla.suse.com/show_bug.cgi?id=1207750
  o https://bugzilla.suse.com/show_bug.cgi?id=1207830
  o https://bugzilla.suse.com/show_bug.cgi?id=1208046
  o https://bugzilla.suse.com/show_bug.cgi?id=1208049
  o https://bugzilla.suse.com/show_bug.cgi?id=1208051
  o https://bugzilla.suse.com/show_bug.cgi?id=1208060
  o https://bugzilla.suse.com/show_bug.cgi?id=1208062
  o https://bugzilla.suse.com/show_bug.cgi?id=1208064
  o https://bugzilla.suse.com/show_bug.cgi?id=1208065
  o https://bugzilla.suse.com/show_bug.cgi?id=1208270
  o https://bugzilla.suse.com/show_bug.cgi?id=1208293
  o https://bugzilla.suse.com/show_bug.cgi?id=1208298
  o https://bugzilla.suse.com/show_bug.cgi?id=1208612
  o https://bugzilla.suse.com/show_bug.cgi?id=1208692
  o https://bugzilla.suse.com/show_bug.cgi?id=1208719
  o https://bugzilla.suse.com/show_bug.cgi?id=1208819
  o https://bugzilla.suse.com/show_bug.cgi?id=1208821
  o https://bugzilla.suse.com/show_bug.cgi?id=1208965
  o https://bugzilla.suse.com/show_bug.cgi?id=1209113
  o https://bugzilla.suse.com/show_bug.cgi?id=1209645
  o https://bugzilla.suse.com/show_bug.cgi?id=1210458
  o https://bugzilla.suse.com/show_bug.cgi?id=1210907
  o https://bugzilla.suse.com/show_bug.cgi?id=1211525
  o https://bugzilla.suse.com/show_bug.cgi?id=1212099
  o https://bugzilla.suse.com/show_bug.cgi?id=1212100
  o https://bugzilla.suse.com/show_bug.cgi?id=1212279
  o https://bugzilla.suse.com/show_bug.cgi?id=1212641
  o https://bugzilla.suse.com/show_bug.cgi?id=1218843
  o https://bugzilla.suse.com/show_bug.cgi?id=1218844
  o https://jira.suse.com/browse/MSQA-718
  o https://jira.suse.com/browse/PED-2145
  o https://jira.suse.com/browse/PED-2617
  o https://jira.suse.com/browse/PED-3576
  o https://jira.suse.com/browse/PED-3578
  o https://jira.suse.com/browse/PED-3694
  o https://jira.suse.com/browse/PED-4556
  o https://jira.suse.com/browse/PED-5405
  o https://jira.suse.com/browse/PED-5406
  o https://jira.suse.com/browse/PED-7353
  o https://jira.suse.com/browse/SLE-23422
  o https://jira.suse.com/browse/SLE-23439
  o https://jira.suse.com/browse/SLE-24238
  o https://jira.suse.com/browse/SLE-24239
  o https://jira.suse.com/browse/SLE-24565
  o https://jira.suse.com/browse/SLE-24791
  o https://jira.suse.com/browse/SUMA-114

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: https://auscert.org.au/gpg-key/