Explore top 10 tips to secure your open-source projects now. Read More
×
This update for alloy fixes the following issues:
Update to version 1.17.0.
Security issues fixed:
- CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume excessive CPU time, possibly leading to
denial of service (bsc#1267185).
- CVE-2026-25681: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an
unexpected HTML tree and allows for XSS (bsc#1267185).
- CVE-2026-27136: golang.org/x/net/html: parsing arbitrary HTML which is then rendered using Render can result in an
unexpected HTML tree and allows for XSS (bsc#1267185).
- CVE-2026-33532: yaml: parsing input with deeply nestes collections may throw a `RangeError` due to a stack overflow
and cause to a denial of service (bsc#1260981).
- CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only Punycode-encoded labels allows for validation
bypass and privilege escalation (bsc#1266654).
- CVE-2026-39827: golang.org/x/crypto/ssh: authenticated SSH...
Read the Full Advisory- openSUSE Leap 16.0:
alloy-1.17.0-160000.1.1
* bsc#1260981
* bsc#1265440
* bsc#1266196
* bsc#1266654
* bsc#1267185
* bsc#1267333
* bsc#1267481
* bsc#1267485
* bsc#1267488
* bsc#1267489
References:
* https://www.suse.com/security/cve/CVE-2026-25680.html
* https://www.suse.com/security/cve/CVE-2026-25681.html
* https://www.suse.com/security/cve/CVE-2026-27136.html
* https://www.suse.com/security/cve/CVE-2026-33532.html
* https://www.suse.com/security/cve/CVE-2026-39821.html
* https://www.suse.com/security/cve/CVE-2026-39827.html
* https://www.suse.com/security/cve/CVE-2026-39828.html
* https://www.suse.com/security/cve/CVE-2026-39829.html
* https://www.suse.com/security/cve/CVE-2026-39830.html
* https://www.suse.com/security/cve/CVE-2026-39831.html
* https://www.suse.com/security/cve/CVE-2026-39832.html
* https://www.suse.com/security/cve/CVE-2026-39833.html
* https://www.suse.com/security/cve/CVE-2026-39834.html
* https://www.suse.com/security/cve/CVE-2026-39835.html
* https://www.suse.com/security/cve/CVE-2026-41889.html
*...
Read the Full AdvisoryGet the latest Linux and open source security news straight to your inbox.