SUSE-SU-2025:0546-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2025/suse-su-20250546-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:0546-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2025:0546-1

Related

CVE-2024-51744

Published

2025-02-14T07:24:38Z

Modified

2025-02-14T07:24:38Z

Summary

Security update golang-github-prometheus-prometheus

Details

golang-github-prometheus-prometheus was updated from version 2.45.6 to 2.53.3 (jsc#PED-11649):

Security issues fixed:
- CVE-2024-51744: Updated golang-jwt to version 5.0 to fix bad error handling (bsc#1232970)
Highlights of other changes:
- Performance:
  - Significant enhancements to PromQL execution speed, TSDB operations (especially querying and compaction) and remote write operations.
  - Default GOGC value lowered to 75 for better memory management.
  - Option to limit memory usage from dropped targets added.
- New Features:
  - Experimental OpenTelemetry ingestion.
  - Automatic memory limit handling.
  - Native histogram support, including new functions, UI enhancements, and improved scraping.
  - Improved alerting features, such as relabeling rules for AlertmanagerConfig and a new query_offset option.
  - Expanded service discovery options with added metadata and support for new services.
  - New promtool commands for PromQL formatting, label manipulation, metric pushing, and OpenMetrics dumping.
- Bug Fixes:
  - Numerous fixes across scraping, API, TSDB, PromQL, and service discovery.
- For a detailed list of changes consult the package changelog or https://github.com/prometheus/prometheus/compare/v2.45.6...v2.53.3

References

Affected packages

SUSE:Linux Enterprise Module for Package Hub 15 SP6 / golang-github-prometheus-prometheus

Package

Name: golang-github-prometheus-prometheus
Purl: pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.53.3-150100.4.23.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-prometheus": "2.53.3-150100.4.23.1"
        }
    ]
}

SUSE:Manager Proxy Module 4.3 / golang-github-prometheus-prometheus

Package

Name: golang-github-prometheus-prometheus
Purl: pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Proxy%20Module%204.3

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.53.3-150100.4.23.1

Ecosystem specific

{
    "binaries": [
        {
            "golang-github-prometheus-prometheus": "2.53.3-150100.4.23.1"
        }
    ]
}

openSUSE:Leap 15.6 / golang-github-prometheus-prometheus

Package

Name: golang-github-prometheus-prometheus
Purl: pkg:rpm/opensuse/golang-github-prometheus-prometheus&distro=openSUSE%20Leap%2015.6

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.53.3-150100.4.23.1

Ecosystem specific

{
    "binaries": [
        {
            "firewalld-prometheus-config": "0.1-150100.4.23.1",
            "golang-github-prometheus-prometheus": "2.53.3-150100.4.23.1"
        }
    ]
}