{"affected":[{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-prometheus":"2.53.4-150100.4.26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP6","name":"golang-github-prometheus-prometheus","purl":"pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.53.4-150100.4.26.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-prometheus":"2.53.4-150100.4.26.2"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Package Hub 15 SP7","name":"golang-github-prometheus-prometheus","purl":"pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.53.4-150100.4.26.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"golang-github-prometheus-prometheus":"2.53.4-150100.4.26.2"}]},"package":{"ecosystem":"SUSE:Manager Proxy Module 4.3","name":"golang-github-prometheus-prometheus","purl":"pkg:rpm/suse/golang-github-prometheus-prometheus&distro=SUSE%20Manager%20Proxy%20Module%204.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.53.4-150100.4.26.2"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"firewalld-prometheus-config":"0.1-150100.4.26.2","golang-github-prometheus-prometheus":"2.53.4-150100.4.26.2"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"golang-github-prometheus-prometheus","purl":"pkg:rpm/opensuse/golang-github-prometheus-prometheus&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.53.4-150100.4.26.2"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for golang-github-prometheus-prometheus fixes the following issues:\n\n- Security issues fixed:\n  * CVE-2023-45288: Require Go >= 1.23 for building (bsc#1236516)\n  * CVE-2025-22870: Bump golang.org/x/net to version 0.39.0 (bsc#1238686)\n\n- Version was updated to 2.53.4 with the following bug fixes:   \n  * Runtime: fix GOGC is being set to 0 when installed\n    with empty prometheus.yml file resulting high cpu usage\n  * Scrape: fix dropping valid metrics after previous\n    scrape failed\n  ","id":"SUSE-SU-2025:01990-1","modified":"2025-06-18T02:11:49Z","published":"2025-06-18T02:11:49Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202501990-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1208752"},{"type":"REPORT","url":"https://bugzilla.suse.com/1236516"},{"type":"REPORT","url":"https://bugzilla.suse.com/1238686"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-45288"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-22870"}],"related":["CVE-2023-45288","CVE-2025-22870"],"summary":"Security update for golang-github-prometheus-prometheus","upstream":["CVE-2023-45288","CVE-2025-22870"]}