Improper Input Validation Affecting golang-github-prometheus-promu package, versions <0.14.0-150000.3.18.2
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-SLES155-GOLANGGITHUBPROMETHEUSPROMU-6810274
- published 7 May 2024
- disclosed 6 May 2024
How to fix?
Upgrade SLES:15.5 golang-github-prometheus-promu to version 0.14.0-150000.3.18.2 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream golang-github-prometheus-promu package and not the golang-github-prometheus-promu package as distributed by SLES.
See How to fix? for SLES:15.5 relevant fixed versions and status.
An input validation vulnerability was found in Ansible's mysql_user module before 2.2.1.0, which may fail to correctly change a password in certain circumstances. Thus the previous password would still be active when it should have been changed.
References
- https://www.suse.com/security/cve/CVE-2016-8647.html
- https://lists.suse.com/pipermail/sle-updates/2024-May/035168.html
- https://www.suse.com/support/update/announcement/2024/suse-su-20241509-1/
- https://bugzilla.suse.com/1008037
- https://bugzilla.suse.com/1008038
- https://bugzilla.suse.com/1010940
- https://bugzilla.suse.com/1019021
- https://bugzilla.suse.com/1038785
- https://bugzilla.suse.com/1059235
- https://bugzilla.suse.com/1099805
- https://bugzilla.suse.com/1166389
- https://bugzilla.suse.com/1171823
- https://bugzilla.suse.com/1174145
- https://bugzilla.suse.com/1174302
- https://bugzilla.suse.com/1175993
- https://bugzilla.suse.com/1177948
- https://bugzilla.suse.com/1216854
- https://bugzilla.suse.com/1219002
- https://bugzilla.suse.com/1219912
- https://bugzilla.suse.com/1221092
- https://bugzilla.suse.com/1221465
- https://bugzilla.suse.com/1222155
- https://www.suse.com/security/cve/CVE-2016-8614/
- https://www.suse.com/security/cve/CVE-2016-8628/
- https://www.suse.com/security/cve/CVE-2016-8647/
- https://www.suse.com/security/cve/CVE-2016-9587/
- https://www.suse.com/security/cve/CVE-2017-7550/
- https://www.suse.com/security/cve/CVE-2018-10874/
- https://www.suse.com/security/cve/CVE-2020-10744/
- https://www.suse.com/security/cve/CVE-2020-14330/
- https://www.suse.com/security/cve/CVE-2020-14332/
- https://www.suse.com/security/cve/CVE-2020-14365/
- https://www.suse.com/security/cve/CVE-2020-1753/
- https://www.suse.com/security/cve/CVE-2023-5764/
- https://www.suse.com/security/cve/CVE-2023-6152/
- https://www.suse.com/security/cve/CVE-2024-0690/
- https://www.suse.com/security/cve/CVE-2024-1313/
- https://www.suse.com/support/security/rating/
- https://github.com/ansible/ansible-modules-core/pull/5388
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8647
- https://access.redhat.com/errata/RHSA-2017:1685
- https://access.redhat.com/security/cve/CVE-2016-8647
- https://bugzilla.redhat.com/show_bug.cgi?id=1396174