The remote SUSE Linux SLES15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01989-1 advisory. golang-github-prometheus-prometheus was updated to version 2.53.4: – Security issues fixed: * CVE-2023-45288: Require Go >= 1.23 for building (bsc#1236516) * CVE-2025-22870: Bumped golang.org/x/net to version 0.39.0 (bsc#1238686) – Other bugs fixes from version 2.53.4: * Runtime: fixed GOGC being set to 0 when installed with empty prometheus.yml file resulting high cpu usage * Scrape: fixed dropping valid metrics after previous scrape failed prometheus-blackbox_exporter was updated from version 0.24.0 to 0.26.0 (jsc#PED-12872): – Security issues fixed: * CVE-2025-22870: Fixed proxy bypassing using IPv6 zone IDs (bsc#1238680) * CVE-2023-45288: Fixed closing connections when receiving too many headers (bsc#1236515) – Other changes from version 0.26.0: * Changes: – Replace go-kit/log with log/slog module. * Features: – Add metric to record tls ciphersuite negotiated during handshake. – Add a way to export labels with content matched by the probe. Reports Certificate Serial number. * Enhancement: – Add stale workflow to start sync with stale.yaml in Prometheus. * Bug fixes: – Only register grpc TLS metrics on successful handshake. Tenable has extracted the preceding description block directly from the SUSE security advisory. Note that…Read More