
openSUSE Leap 16.0 Alloy Important Authorization Bypass Vuln 2026-20752-1

opensuse
May 19, 2026
This openSUSE update for alloy solves 4 vulnerabilities and includes 4 bug fixes, improving security and performance.
An update that solves 4 vulnerabilities and has 4 bug fixes can now be installed.

Description

This update for alloy fixes the following issues:

Security issues:

- CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message (bsc#1259919).

- CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files can lead to the consumption of corrupted files (bsc#1258099).

- CVE-2026-26958: filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258609).

- CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260317).

Non-security issues:

- Updated to 1.16.0

- Use systemd tmpfiles.d to create /var/lib/alloy hierarchy (jsc#PED-14815)

Patch instructions:

To install this openSUSE security update use the SUSE recommended installation methods like YaST...


Patch

Package List

- openSUSE Leap 16.0:

alloy-1.16.0-160000.1.1

References

* bsc#1258099

* bsc#1258609

* bsc#1259919

* bsc#1260317

References:

* https://www.suse.com/security/cve/CVE-2026-25934.html

* https://www.suse.com/security/cve/CVE-2026-26958.html

* https://www.suse.com/security/cve/CVE-2026-33186.html

* https://www.suse.com/security/cve/CVE-2026-4427.html

Severity
important

Announcement ID: openSUSE-SU-2026:20752-1
Rating: important
Affected Products: openSUSE Leap 16.0
