SUSE-SU-2026:0327-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-20260327-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:0327-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:0327-1
- Upstream
- Related
- Published
- 2026-01-28T15:38:58Z
- Modified
- 2026-03-11T07:31:34.196171Z
- Summary
- Security update for alloy
- Details
-
This update for alloy fixes the following issues:
Update to 1.12.2:
Security fixes:
- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):
- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074)
Other fixes:
- Add missing configuration parameter deployment_name_from_replicaset to k8sattributes processor (5b90a9d) (@dehaansa) - database_observability: Fix schema_details collector to fetch column definitions with case sensitive table names (#4872) (560dff4) (@jharvey10, @fridgepoet) - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10) - deps: Update npm dependencies [backport] (#5201) (8e06c26) (@jharvey10) - Ensure the squid exporter wrapper properly brackets ipv6 addresses [backport] (#5205) (e329cc6) (@dehaansa) - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e) (@kalleep) - Prevent panic in import.git when update fails [backport] (#5204) (c82fbae) (@dehaansa, @jharvey10) - show correct fallback alloy version instead of v1.13.0 (#5110) (b72be99) (@dehaansa, @jharvey10) - References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-20260327-1/
- https://bugzilla.suse.com/1255074
- https://bugzilla.suse.com/1255333
- https://www.suse.com/security/cve/CVE-2025-31133
- https://www.suse.com/security/cve/CVE-2025-52565
- https://www.suse.com/security/cve/CVE-2025-52881
- https://www.suse.com/security/cve/CVE-2025-68156