Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 501
Alerts This Week
Warning Icon 1 501

SUSE: Alloy Important Memory Consumption DoS Vuln 2026:0028-1

suse
Calendar Grey January 5, 2026
Dist Suse Esm H88
Update resolves three security issues in alloy, enhancing system stability and performance against potential attacks.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for alloy fixes the following issues: Upgrade to version 1.12.1. Security issues fixed: * CVE-2025-47911: golang.org/x/net/html: quadratic complexity algorithms used when parsing untrusted HTML documents (bsc#1251509). * CVE-2025-47913: golang.org/x/crypto: early client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253609). * CVE-2025-58190: golang.org/x/net/html: excessive memory consumption by `html.ParseFragment` when processing specially crafted input (bsc#1251716). Other updates and bugfixes: * Version 1.12.1: * Bugfixes * update to Beyla 2.7.10. * Version 1.12.0: * Breaking changes

References

* bsc#1251509

* bsc#1251716

* bsc#1253609

Cross-

* CVE-2025-47911

* CVE-2025-47913

* CVE-2025-58190

CVSS scores:

* CVE-2025-47911 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-47911 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-47913 ( SUSE ): 8.7

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-47913 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-47913 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-58190 ( SUSE ): 6.9

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-58190 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* Basesystem Module 15-SP7

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0028-1
Release Date: 2026-01-05T12:53:12Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.