SUSE Package Hub - SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1992

Update Info

SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-1992

Security update for golang-github-prometheus-alertmanager

Type: security

Severity: moderate

Issued: 2025-06-18

Description:

This update for golang-github-prometheus-alertmanager fixes the following issues:

- Security: 
  * CVE-2025-22870: Fix proxy bypassing using IPv6 zone IDs (bsc#1238686)
  * CVE-2023-45288: Fix HTTP/2 CONTINUATION flood in net/http (bsc#1236516)

References

jira: MSQA-992 https://jira.suse.com/browse/MSQA-992
CVE: CVE-2025-22870
CVE: CVE-2023-45288
Bugzilla: 1238686 VUL-0: CVE-2025-22870: golang-github-prometheus-node_exporter,golang-github-prometheus-prometheus,golang-github-prometheus-alertmanager: golang.org/x/net/proxy,golang.org/x/net/http/httpproxy: proxy bypass using IPv6 zone IDs
Bugzilla: 1236516 VUL-0: CVE-2023-45288: golang-github-prometheus-alertmanager,golang-github-prometheus-node_exporter,golang-github-prometheus-prometheus: golang.org/x/net/http2: close connections when receiving too many headers

Packages

golang-github-prometheus-alertmanager-0.26.0-150100.4.25.2