Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE Alloy Critical Security Update 2026-0327-1 Addresses CVE-2025-31133

suse
Calendar Grey January 28, 2026
Dist Suse Esm H88
This update addresses multiple issues in alloy software critical for SUSE systems and enhances security against potential threats.
An update that solves four vulnerabilities can now be installed.

Summary

## This update for alloy fixes the following issues: Update to 1.12.2: Security fixes: * CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333): * CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074) Other fixes: - Add missing configuration parameter deployment_name_from_replicaset to k8sattributes processor (5b90a9d) (@dehaansa) - database_observability: Fix schema_details collector to fetch column definitions with case sensitive table names (#4872) (560dff4) (@jharvey10, @fridgepoet) - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)

References

* bsc#1255074

* bsc#1255333

Cross-

* CVE-2025-31133

* CVE-2025-52565

* CVE-2025-52881

* CVE-2025-68156

CVSS scores:

* CVE-2025-31133 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-31133 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-31133 ( NVD ): 7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

* CVE-2025-31133 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2025-52565 ( SUSE ): 7.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

* CVE-2025-52565 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0327-1
Release Date: 2026-01-28T15:38:59Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here