Security update for golang-github-prometheus-alertmanager

Announcement ID:	SUSE-SU-2025:4481-1
Release Date:	2025-12-18T12:19:03Z
Rating:	moderate
References:	bsc#1247748 jsc#MSQA-1034 jsc#PED-13285
Cross-References:	CVE-2025-47908
CVSS scores:	CVE-2025-47908 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N CVE-2025-47908 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2025-47908 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products:	openSUSE Leap 15.3 openSUSE Leap 15.4 openSUSE Leap 15.5 openSUSE Leap 15.6 SUSE Linux Enterprise Desktop 15 SUSE Linux Enterprise Desktop 15 SP1 SUSE Linux Enterprise Desktop 15 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise Desktop 15 SP4 SUSE Linux Enterprise Desktop 15 SP5 SUSE Linux Enterprise Desktop 15 SP6 SUSE Linux Enterprise Desktop 15 SP7 SUSE Linux Enterprise High Performance Computing 15 SUSE Linux Enterprise High Performance Computing 15 SP1 SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise High Performance Computing 15 SP4 SUSE Linux Enterprise High Performance Computing 15 SP5 SUSE Linux Enterprise Real Time 15 SP1 SUSE Linux Enterprise Real Time 15 SP2 SUSE Linux Enterprise Real Time 15 SP3 SUSE Linux Enterprise Real Time 15 SP4 SUSE Linux Enterprise Real Time 15 SP5 SUSE Linux Enterprise Real Time 15 SP6 SUSE Linux Enterprise Real Time 15 SP7 SUSE Linux Enterprise Server 15 SUSE Linux Enterprise Server 15 SP1 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server 15 SP4 SUSE Linux Enterprise Server 15 SP5 SUSE Linux Enterprise Server 15 SP6 SUSE Linux Enterprise Server 15 SP7 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP4 SUSE Linux Enterprise Server for SAP Applications 15 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SP6 SUSE Linux Enterprise Server for SAP Applications 15 SP7 SUSE Manager Client Tools for SLE 15 SUSE Manager Proxy 4.3 SUSE Manager Proxy 4.3 LTS SUSE Manager Retail Branch Server 4.3 SUSE Package Hub 15 15-SP6 SUSE Package Hub 15 15-SP7

An update that solves one vulnerability and contains two features can now be installed.

Description:

This update for golang-github-prometheus-alertmanager fixes the following issues:

• Update to version 0.28.1 (jsc#PED-13285):
• Improved performance of inhibition rules when using Equal labels.
• Improve the documentation on escaping in UTF-8 matchers.
• Update alertmanager_config_hash metric help to document the hash is not cryptographically strong.
• Fix panic in amtool when using --verbose.
• Fix templating of channel field for Rocket.Chat.
• Fix rocketchat_configs written as rocket_configs in docs.
• Fix usage for --enable-feature flag.
• Trim whitespace from OpsGenie API Key.
• Fix Jira project template not rendered when searching for existing issues.
• Fix subtle bug in JSON/YAML encoding of inhibition rules that would cause Equal labels to be omitted.
• Fix header for slack_configs in docs.
• Fix weight and wrap of Microsoft Teams notifications.
• Upgrade to version 0.28.0:
• CVE-2025-47908: Bump github.com/rs/cors (bsc#1247748).
• Templating errors in the SNS integration now return an error.
• Adopt log/slog, drop go-kit/log.
• Add a new Microsoft Teams integration based on Flows.
• Add a new Rocket.Chat integration.
• Add a new Jira integration.
• Add support for GOMEMLIMIT, enable it via the feature flag --enable-feature=auto-gomemlimit.
• Add support for GOMAXPROCS, enable it via the feature flag --enable-feature=auto-gomaxprocs.
• Add support for limits of silences including the maximum number of active and pending silences, and the maximum size per silence (in bytes). You can use the flags --silences.max-silences and --silences.max-silence-size-bytes to set them accordingly.
• Muted alerts now show whether they are suppressed or not in both the /api/v2/alerts endpoint and the Alertmanager UI.
• Upgrade to version 0.27.0:
• API: Removal of all api/v1/ endpoints. These endpoints now log and return a deprecation message and respond with a status code of 410.
• UTF-8 Support: Introduction of support for any UTF-8 character as part of label names and matchers.
• Discord Integration: Enforce max length in message.
• Metrics: Introduced the experimental feature flag --enable-feature=receiver-name-in-metrics to include the receiver name.
• Metrics: Introduced a new gauge named alertmanager_inhibition_rules that counts the number of configured inhibition rules.
• Metrics: Introduced a new counter named alertmanager_alerts_supressed_total that tracks muted alerts, it contains a reason label to indicate the source of the mute.
• Discord Integration: Introduced support for webhook_url_file.
• Microsoft Teams Integration: Introduced support for webhook_url_file.
• Microsoft Teams Integration: Add support for summary.
• Metrics: Notification metrics now support two new values for the label reason, contextCanceled and contextDeadlineExceeded.
• Email Integration: Contents of auth_password_file are now trimmed of prefixed and suffixed whitespace.
• amtool: Fixes the error scheme required for webhook url when using amtool with --alertmanager.url.
• Mixin: Fix AlertmanagerFailedToSendAlerts, AlertmanagerClusterFailedToSendAlerts, and AlertmanagerClusterFailedToSendAlerts to make sure they ignore the reason label.

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Package Hub 15 15-SP7
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP7-2025-4481=1
• SUSE Manager Proxy 4.3 LTS
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-LTS-2025-4481=1
• openSUSE Leap 15.6
  zypper in -t patch openSUSE-SLE-15.6-2025-4481=1
• SUSE Manager Client Tools for SLE 15
  zypper in -t patch SUSE-SLE-Manager-Tools-15-2025-4481=1
• SUSE Package Hub 15 15-SP6
  zypper in -t patch SUSE-SLE-Module-Packagehub-Subpackages-15-SP6-2025-4481=1

Package List:

• SUSE Package Hub 15 15-SP7 (aarch64 ppc64le s390x x86_64)
  • golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
  • golang-github-prometheus-alertmanager-debuginfo-0.28.1-150100.4.28.2
• SUSE Manager Proxy 4.3 LTS (x86_64)
  • golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
• openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64)
  • golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
  • golang-github-prometheus-alertmanager-debuginfo-0.28.1-150100.4.28.2
• SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
  • golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
• SUSE Package Hub 15 15-SP6 (aarch64 ppc64le s390x x86_64)
  • golang-github-prometheus-alertmanager-0.28.1-150100.4.28.2
  • golang-github-prometheus-alertmanager-debuginfo-0.28.1-150100.4.28.2

References:

• https://www.suse.com/security/cve/CVE-2025-47908.html
• https://bugzilla.suse.com/show_bug.cgi?id=1247748
• https://jira.suse.com/browse/MSQA-1034
• https://jira.suse.com/browse/PED-13285