Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

openSUSE: 2025-20073-1 Alloy Moderate Fix for Sens. Info Leak

opensuse
Calendar Grey November 21, 2025
Dist Opensuse Esm H88
This openSUSE advisory informs users about two vulnerabilities in alloy and how to resolve them with an update.
An update that solves 2 vulnerabilities and has 2 bug fixes can now be installed.

Description

This update for alloy fixes the following issues:

- CVE-2025-58058: Removed dependency on vulnerable github.com/ulikunitz/xz (bsc#1248960).

- CVE-2025-11065: Fixed sensitive information leak in logs (bsc#1250621).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-47=1

Topics%20covered

Topics Covered

security advisory moderate update sensitive information OpenSUSE alloy

Patch

Package List

- openSUSE Leap 16.0:

alloy-1.11.3-160000.1.1

References

* bsc#1248960

* bsc#1250621

References:

* https://www.suse.com/security/cve/CVE-2025-11065.html

* https://www.suse.com/security/cve/CVE-2025-58058.html

Announcement ID: openSUSE-SU-2025-20073-1
Rating: moderate
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory moderate update sensitive information OpenSUSE alloy

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here