Detections
Analytics

SUSE SLES12 : Security update 5.0.7 for Multi-Linux Manager Client Tools (SUSE-SU-2026:1011-1)

medium Nessus Plugin ID 303775

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1011-1 advisory.

 golang-github-QubitProducts-exporter_exporter:

 - Non-customer-facing optimization and update

 golang-github-boynux-squid_exporter:

 - Version update from 1.6.0 to 1.13.0 with the following highlighted changes and fixes (jsc#PED-14971):

 * Added compatibility for Squid 6 and support for the squid-internal-mgr metrics path.
 * Added TLS and Basic Authentication to the exporters web interface.
 * Added support for the exporter to authenticate against the Squid proxy itself.
 * Allow the gathering of process information without requiring root privileges
 * The exporter can now be configured using environment variables
 * Added support for custom labels to all exported metrics for better data filtering.
 * New metrics to track if Squid is running (squid_up), how long a scrape takes, and if any errors occurred.
 * Added 'service time' metrics to analyze proxy speed and performance.
 * Added a metric for open file descriptors (process_open_fds) to help prevent connection bottlenecks.
 * Corrected the squid_client_http_requests_total metric to ensure accurate reporting.

 golang-github-lusitaniae-apache_exporter:

 - Version update from 1.0.8 to 1.0.10:

 * Updated github.com/prometheus/client_golang to 1.21.1
 * Updated github.com/prometheus/common to 0.63.0
 * Updated github.com/prometheus/exporter-toolkit to 0.14.0
 * Fixed signal handler logging
 * Migrated logging to log/slog

 golang-github-prometheus-alertmanager:

 - Non-customer-facing optimization and update

 golang-github-prometheus-node_exporter:

 - Non-customer-facing optimization and update

 golang-github-prometheus-promu:

 - Non-customer-facing optimization and update

 spacecmd:

 - Version 5.0.15-0
 * Fix typo in spacecmd help ca-cert flag (bsc#1253174)
 * Convert cached IDs to int (bsc#1251995)
 * Fix spacecmd binary file upload (bsc#1253659)

 uyuni-tools:

 - Version 0.1.38-0
 * Fix cobbler config migration to standalone files (bsc#1256803)
 * Detect custom apache and squid config in the /etc/uyuni/proxy folder
 * Add ssh tuning to configure sshd (bsc#1253738)
 * Ignore supportconfig errors (bsc#1255781)
 * Bump the default image tag to 5.0.7
 * Remove cgroup mount for podman containers (bsc#1253347)
 * Registry flag can be a string (bsc#1254589)
 * Use static supportconfig name to avoid dynamic search (bsc#1257941)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected golang-github-prometheus-node_exporter package.

See Also

https://bugzilla.suse.com/1251995

https://bugzilla.suse.com/1253174

https://bugzilla.suse.com/1253347

https://bugzilla.suse.com/1253659

https://bugzilla.suse.com/1253738

https://bugzilla.suse.com/1254589

https://bugzilla.suse.com/1255781

https://bugzilla.suse.com/1256803

https://bugzilla.suse.com/1257941

http://www.nessus.org/u?1ea63cad

https://www.suse.com/security/cve/CVE-2025-1365

Plugin Details

Severity: Medium

ID: 303775

File Name: suse_SU-2026-1011-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/26/2026

Updated: 3/26/2026

Supported Sensors: Nessus Agent, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2025-1365

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: Medium

Base Score: 4.8

Threat Score: 1.9

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:12, p-cpe:/a:novell:suse_linux:golang-github-prometheus-node_exporter

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/25/2026

Vulnerability Publication Date: 2/16/2025

Reference Information

CVE: CVE-2025-1365

SuSE: SUSE-SU-2026:1011-1