Описание
Security update for kepler
This update for kepler fixes the following issues:
Update to version 0.11.3.
Security issues fixed:
- CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents (bsc#1251427).
- CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by
html.ParseFragmentwhen processing specially crafted input (bsc#1251632).
Other updates and bugfixes:
-
Version 0.11.2:
- Fix: Fix node power metrics for Virtual Machines.
- Fix: Resolve an issue with pod energy metrics when a container has no usage.
-
Version 0.11.1:
- Fix: Added missing serviceaccount in the Helm chart.
-
Version 0.11.0:
- Feature: Added support for platform power metrics (AC).
- Feature: Introduced experimental support for trained power models.
- Fix: Improved the accuracy of power estimation for Virtual Machines.
- Breaking Change: Metrics related to
kepler_vm_have been refactored.
-
Version 0.10.1:
- Feature: Added support for the ARM64 architecture.
- Fix: Addressed issues when running on Virtual Machines without RAPL.
- Fix: Includes several other bug fixes and stability improvements.
-
Version 0.10.0:
- Breaking Change: This is a major rewrite with significant architectural changes.
- Breaking Change: Legacy versions (0.9.0 and earlier) are now frozen, with no new features or bug fixes.
- Breaking Change: The configuration format has been updated.
- Breaking Change: The Kepler Model Server is not compatible with this version and above.
- Feature: New modular architecture for better extensibility.
- Feature: Enhanced performance and accuracy with dynamic detection of RAPL zones.
- Feature: Reduced security requirements, no longer needing CAP_SYS_ADMIN or CAP_BPF capabilities.
- Fix: Significantly reduced resource usage.
-
Version 0.9.0:
- Note: This is the final legacy release.
- Feature: Added support for GPU power monitoring.
- Feature: Introduced a model server for training power models.
-
Version 0.8.2:
- Fix: Addressed a bug in RAPL power calculation on multi-socket systems.
-
Version 0.8.1:
- Fix: This version includes multiple bug fixes and stability improvements.
-
Version 0.8.0:
- Feature: Introduced a new estimator framework.
- Breaking Change: The API is backward incompatible with previous versions.
-
Version 0.7.12:
- Fix: This version includes multiple bug fixes and stability improvements.
Список пакетов
openSUSE Leap 16.0
kepler-0.11.3-160000.1.1
Ссылки
- SUSE Security Ratings
- SUSE Bug 1251427
- SUSE Bug 1251632
- SUSE CVE CVE-2025-47911 page
- SUSE CVE CVE-2025-58190 page
Описание
The html.Parse function in golang.org/x/net/html has quadratic parsing complexity when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Затронутые продукты
openSUSE Leap 16.0:kepler-0.11.3-160000.1.1
Ссылки
- CVE-2025-47911
- SUSE Bug 1251308
Описание
The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.
Затронутые продукты
openSUSE Leap 16.0:kepler-0.11.3-160000.1.1
Ссылки
- CVE-2025-58190
- SUSE Bug 1251309