golang-github-prometheus-prometheus-2.48.1-2.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13604-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z golang-github-prometheus-prometheus-2.48.1-2.1 on GA media These are all security issues fixed in the golang-github-prometheus-prometheus-2.48.1-2.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13604 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-41715/ SUSE CVE CVE-2022-41715 page openSUSE Tumbleweed golang-github-prometheus-prometheus-2.48.1-2.1 golang-github-prometheus-prometheus-2.48.1-2.1 as a component of openSUSE Tumbleweed Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. CVE-2022-41715 openSUSE Tumbleweed:golang-github-prometheus-prometheus-2.48.1-2.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-41715.html CVE-2022-41715 https://bugzilla.suse.com/1204023 SUSE Bug 1204023 https://bugzilla.suse.com/1208441 SUSE Bug 1208441