
SUSE Alloy Important Fixes for Denial of Service and More 2026-2438-1

June 17, 2026
Update for SUSE addresses six issues in alloy, including critical security flaws leading to denial of service. Install now!
An update that solves six vulnerabilities and contains one feature can now be installed.

Summary

This update for alloy fixes the following issues.

Security issues:

* CVE-2026-4427: github.com/jackc/pgproto3/v2: improper validation of field length allows a malicious PostgreSQL server to crash a client application via a DataRow message (bsc#1259919).

* CVE-2026-25934: github.com/go-git/go-git/v5: improper verification of data integrity values for .pack and .idx files can lead to the consumption of corrupted files (bsc#1258099).

* CVE-2026-26958: filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce invalid results and lead to undefined behavior (bsc#1258609).

* CVE-2026-33186: google.golang.org/grpc: authorization bypass due to improper validation of the HTTP/2 :path pseudo-header (bsc#1260317).
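The CVE-2026-4427 entry concerns field-length validation in DataRow messages. The sketch below is an added example, not code from pgproto3, alloy or the SUSE patch: it shows the kind of bounds checking a client-side decoder needs for the DataRow layout defined by the PostgreSQL wire protocol. `ParseDataRow` and `ErrMalformed` are hypothetical names, and the byte strings are constructed samples.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

var ErrMalformed = errors.New("malformed DataRow") // declared sizes do not fit the bytes received

// ParseDataRow (hypothetical name) decodes a DataRow body: Int16 column count,
// then per column an Int32 length (-1 means NULL) followed by that many bytes.
func ParseDataRow(body []byte) ([][]byte, error) {
	if len(body) < 2 {
		return nil, ErrMalformed
	}
	n := int(binary.BigEndian.Uint16(body))
	rest := body[2:]
	// Each column needs a 4-byte length, so bound the count before allocating.
	if n*4 > len(rest) {
		return nil, ErrMalformed
	}
	cols := make([][]byte, n)
	for i := range cols {
		if len(rest) < 4 {
			return nil, ErrMalformed
		}
		l := int32(binary.BigEndian.Uint32(rest))
		rest = rest[4:]
		if l == -1 {
			continue // NULL column stays nil
		}
		// Reject other negative lengths and lengths past the end of the body.
		if l < 0 || int(l) > len(rest) {
			return nil, ErrMalformed
		}
		cols[i], rest = rest[:l], rest[l:]
	}
	if len(rest) != 0 {
		return nil, ErrMalformed // trailing bytes the header did not account for
	}
	return cols, nil
}

func main() {
	// Constructed samples: two columns ("hi", NULL), then one column declaring length -2.
	fmt.Println(ParseDataRow([]byte{0, 2, 0, 0, 0, 2, 'h', 'i', 0xff, 0xff, 0xff, 0xff}))
	fmt.Println(ParseDataRow([]byte{0, 1, 0xff, 0xff, 0xff, 0xfe}))
}
```

A malformed row returns an error to the caller instead of panicking on an out-of-range slice, so a hostile or broken server cannot take the client process down through this path.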

References

* bsc#1258099

* bsc#1258609

* bsc#1259919

* bsc#1260317

* bsc#1262955

* bsc#1263530

* jsc#PED-14815

Cross-

* CVE-2026-25934

* CVE-2026-26958

* CVE-2026-33186

* CVE-2026-34986

* CVE-2026-41602

* CVE-2026-4427

CVSS scores:

* CVE-2026-25934 (SUSE): 5.3 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

* CVE-2026-25934 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

* CVE-2026-25934 (NVD): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

* CVE-2026-26958 (SUSE): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N

* CVE-2026-26958 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L

* CVE-2026-26958 (NVD): 1.7

Severity: important

Announcement ID: SUSE-SU-2026:2438-1
Release Date: 2026-06-17T14:45:02Z
Rating: important
