Detections
Analytics
openSUSE 16 Security Update : kepler (openSUSE-SU-2026:20206-1)
medium Nessus Plugin ID 299127
Synopsis
The remote openSUSE host is missing one or more security updates.Description
The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20206-1 advisory.Update to version 0.11.3.
Security issues fixed:
- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents (bsc#1251427).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251632).
Other updates and bugfixes:
- Version 0.11.2:
* Fix: Fix node power metrics for Virtual Machines.
* Fix: Resolve an issue with pod energy metrics when a container has no usage.
- Version 0.11.1:
* Fix: Added missing serviceaccount in the Helm chart.
- Version 0.11.0:
* Feature: Added support for platform power metrics (AC).
* Feature: Introduced experimental support for trained power models.
* Fix: Improved the accuracy of power estimation for Virtual Machines.
* Breaking Change: Metrics related to `kepler_vm_` have been refactored.
- Version 0.10.1:
* Feature: Added support for the ARM64 architecture.
* Fix: Addressed issues when running on Virtual Machines without RAPL.
* Fix: Includes several other bug fixes and stability improvements.
- Version 0.10.0:
* Breaking Change: This is a major rewrite with significant architectural changes.
* Breaking Change: Legacy versions (0.9.0 and earlier) are now frozen, with no new features or bug fixes.
* Breaking Change: The configuration format has been updated.
* Breaking Change: The Kepler Model Server is not compatible with this version and above.
* Feature: New modular architecture for better extensibility.
* Feature: Enhanced performance and accuracy with dynamic detection of RAPL zones.
* Feature: Reduced security requirements, no longer needing CAP_SYS_ADMIN or CAP_BPF capabilities.
* Fix: Significantly reduced resource usage.
- Version 0.9.0:
* Note: This is the final legacy release.
* Feature: Added support for GPU power monitoring.
* Feature: Introduced a model server for training power models.
- Version 0.8.2:
* Fix: Addressed a bug in RAPL power calculation on multi-socket systems.
- Version 0.8.1:
* Fix: This version includes multiple bug fixes and stability improvements.
- Version 0.8.0:
* Feature: Introduced a new estimator framework.
* Breaking Change: The API is backward incompatible with previous versions.
- Version 0.7.12:
* Fix: This version includes multiple bug fixes and stability improvements.
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected kepler package.See Also
https://www.suse.com/security/cve/CVE-2025-47911
https://www.suse.com/security/cve/CVE-2025-58190
Plugin Details
Severity: Medium
ID: 299127
File Name: openSUSE-2026-20206-1.nasl
Version: 1.1
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 2/15/2026
Updated: 2/15/2026
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS Score Source: CVE-2025-58190
CVSS v3
Risk Factor: Medium
Base Score: 5.3
Temporal Score: 4.6
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:kepler
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 2/13/2026
Vulnerability Publication Date: 10/23/2025
Reference Information
CVE: CVE-2025-47911, CVE-2025-58190