SUSE-SU-2026:22575-1: important: Security update for alloy

SLE-UPDATES null at suse.de
Tue Jul 14 16:32:14 UTC 2026


# Security update for alloy

Announcement ID: SUSE-SU-2026:22575-1  
Release Date: 2026-07-07T17:00:29Z  
Rating: important  
References:

  * bsc#1260981
  * bsc#1265440
  * bsc#1266196
  * bsc#1266654
  * bsc#1267185
  * bsc#1267333
  * bsc#1267481
  * bsc#1267485
  * bsc#1267488
  * bsc#1267489

  
Cross-References:

  * CVE-2026-25680
  * CVE-2026-25681
  * CVE-2026-27136
  * CVE-2026-33532
  * CVE-2026-39821
  * CVE-2026-39827
  * CVE-2026-39828
  * CVE-2026-39829
  * CVE-2026-39830
  * CVE-2026-39831
  * CVE-2026-39832
  * CVE-2026-39833
  * CVE-2026-39834
  * CVE-2026-39835
  * CVE-2026-41889
  * CVE-2026-42502
  * CVE-2026-42506
  * CVE-2026-42508
  * CVE-2026-44740
  * CVE-2026-45678
  * CVE-2026-45682
  * CVE-2026-45685
  * CVE-2026-45686
  * CVE-2026-46595
  * CVE-2026-46597
  * CVE-2026-46598

  
CVSS scores:

  * CVE-2026-25680 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-25680 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-25680 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  * CVE-2026-25681 ( SUSE ):  5.3
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
  * CVE-2026-25681 ( SUSE ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-25681 ( NVD ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-27136 ( SUSE ):  5.3
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
  * CVE-2026-27136 ( SUSE ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-27136 ( NVD ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-33532 ( SUSE ):  5.3
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
  * CVE-2026-33532 ( SUSE ):  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-33532 ( NVD ):  4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-39821 ( SUSE ):  9.1
    CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-39821 ( SUSE ):  7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39821 ( NVD ):  9.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
  * CVE-2026-39821 ( NVD ):  8.2 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N
  * CVE-2026-39827 ( SUSE ):  7.1
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39827 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39827 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39828 ( SUSE ):  8.6
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-39828 ( SUSE ):  8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39828 ( NVD ):  6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
  * CVE-2026-39828 ( NVD ):  8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-39829 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39829 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39829 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39829 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39830 ( SUSE ):  7.1
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39830 ( SUSE ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39830 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39830 ( NVD ):  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  * CVE-2026-39831 ( SUSE ):  8.6
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-39831 ( SUSE ):  8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39831 ( NVD ):  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39832 ( SUSE ):  6.2
    CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:N
  * CVE-2026-39832 ( SUSE ):  8.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
  * CVE-2026-39832 ( NVD ):  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39832 ( NVD ):  8.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
  * CVE-2026-39833 ( SUSE ):  8.5
    CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-39833 ( SUSE ):  7.7 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39833 ( NVD ):  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-39834 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39834 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39834 ( NVD ):  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
  * CVE-2026-39835 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-39835 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-39835 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
  * CVE-2026-39835 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-41889 ( SUSE ):  7.7
    CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-41889 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-41889 ( NVD ):  2.3
    CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2026-41889 ( NVD ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2026-42502 ( SUSE ):  5.3
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
  * CVE-2026-42502 ( SUSE ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-42502 ( NVD ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-42506 ( SUSE ):  5.3
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N
  * CVE-2026-42506 ( SUSE ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-42506 ( NVD ):  6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  * CVE-2026-42508 ( SUSE ):  8.6
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-42508 ( SUSE ):  8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-42508 ( NVD ):  9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-42508 ( NVD ):  7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-44740 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-44740 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-44740 ( NVD ):  6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45678 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-45678 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45678 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45682 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-45682 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45682 ( NVD ):  5.1 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45682 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45685 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-45685 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45685 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45686 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-45686 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-45686 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-46595 ( SUSE ):  8.6
    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
  * CVE-2026-46595 ( SUSE ):  8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  * CVE-2026-46595 ( NVD ):  10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:L
  * CVE-2026-46595 ( NVD ):  7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
  * CVE-2026-46597 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-46597 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-46597 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-46598 ( SUSE ):  8.7
    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
  * CVE-2026-46598 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2026-46598 ( NVD ):  5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

  
Affected Products:

  * SUSE Linux Enterprise Server 16.0
  * SUSE Linux Enterprise Server for SAP applications 16.0

  
  
An update that solves 26 vulnerabilities can now be installed.

## Description:

This update for alloy fixes the following issues:

Update to version 1.17.0.

Security issues fixed:

  * CVE-2026-25680: golang.org/x/net/html: parsing arbitrary HTML can consume
    excessive CPU time, possibly leading to denial of service (bsc#1267185).
  * CVE-2026-25681: golang.org/x/net/html: parsing arbitrary HTML which is then
    rendered using Render can result in an unexpected HTML tree and allows for
    XSS (bsc#1267185).
  * CVE-2026-27136: golang.org/x/net/html: parsing arbitrary HTML which is then
    rendered using Render can result in an unexpected HTML tree and allows for
    XSS (bsc#1267185).
  * CVE-2026-33532: yaml: parsing input with deeply nestes collections may throw
    a `RangeError` due to a stack overflow and cause to a denial of service
    (bsc#1260981).
  * CVE-2026-39821: golang.org/x/net/idna: failure to reject ASCII-only
    Punycode-encoded labels allows for validation bypass and privilege
    escalation (bsc#1266654).
  * CVE-2026-39827: golang.org/x/crypto/ssh: authenticated SSH clients that
    repeatedly open channels which were rejected by the server can cause
    unbounded memory growth and a crash (bsc#1266196).
  * CVE-2026-39828: golang.org/x/crypto/ssh: permissions discarded when an SSH
    server authentication callback returns `PartialSuccessError` with non-`nil`
    permissions (bsc#1266196).
  * CVE-2026-39829: golang.org/x/crypto/ssh: unenforced size limits on key
    parameters by the the RSA and DSA public key parsers can lead to excessive
    CPU consumption when processing a crafted public key (bsc#1266196).
  * CVE-2026-39830: golang.org/x/crypto/ssh: malicious SSH peers sending
    unsolicited global request responses can block a connection's read loop and
    cause a resource leak (bsc#1266196).
  * CVE-2026-39831: golang.org/x/crypto/ssh: missing `User Presence` flag checks
    in the `Verify()` method for FIDO/U2F security key types cause signatures
    generated without physical touch to be accepted (bsc#1266196).
  * CVE-2026-39832: golang.org/x/crypto/ssh: destination restrictions are
    silently stripped when forwarding keys and allow for unrestricted use of a
    key on a remote host (bsc#1266196).
  * CVE-2026-39833: golang.org/x/crypto/ssh: in-memory keyring returned by
    `NewKeyring()` silently accepts keys with the `ConfirmBeforeUse` constraint
    but never enforces it (bsc#1266196).
  * CVE-2026-39834: golang.org/x/crypto/ssh: writing data larger than 4GB in a
    single `Write` call on an SSH channel leads to an integer overflow and an
    infinite loop that sends empty packets (bsc#1266196).
  * CVE-2026-39835: golang.org/x/crypto/ssh: processing of certificates by SSH
    servers using `CertChecker` as a public key callback without setting
    `IsUserAuthority` or `IsHostAuthority` can lead to a panic (bsc#1266196).
  * CVE-2026-41889: github.com/jackc/pgx/v5/internal/sanitize: use placeholders
    in dollar-quoted string literals in an SQL query can lead to a SQL injection
    (bsc#1265440).
  * CVE-2026-42502: golang.org/x/net/html: parsing arbitrary HTML which is then
    rendered using Render can result in an unexpected HTML tree and allows for
    XSS (bsc#1267185).
  * CVE-2026-42506: golang.org/x/net/html: parsing arbitrary HTML which is then
    rendered using Render can result in an unexpected HTML tree and allows for
    XSS (bsc#1267185).
  * CVE-2026-42508: golang.org/x/crypto/ssh: revoked `SignatureKey`s belonging
    to a CA are not correctly checked for revocation (bsc#1266196).
  * CVE-2026-44740: github.com/go-git/go-billy/v5: improper input handling in
    many components can lead to DoS via infinite loops, panics or resource
    consumption (bsc#1267333).
  * CVE-2026-45678: go.opentelemetry.io/obi: Postgres BIND parsing can lead to a
    panic when malformed payloads are processed (bsc#1267481).
  * CVE-2026-45682: go.opentelemetry.io/obi: keys not deleted by
    `CappedConcurrentHashMap` after removals allows repeated connection churn to
    grow the queue without bound and exhaust heap memory (bsc#1267485).
  * CVE-2026-45685: go.opentelemetry.io/obi: MongoDB TCP parser panics on
    malformed wire messages and causes a DoS (bsc#1267488).
  * CVE-2026-45686: go.opentelemetry.io/obi: integer overflow in memcached text
    protocol parser can crash the OBI process and cause denial of service
    (bsc#1267489).
  * CVE-2026-46595: golang.org/x/crypto/ssh: source-address validation is
    skipped if any other type of callback is passed other than public key
    (bsc#1266196).
  * CVE-2026-46597: golang.org/x/crypto/ssh: incorrectly placed cast from bytes
    to int in the AES-GCM packet decoder when processing specially crafted input
    can lead to for server-side panic (bsc#1266196).
  * CVE-2026-46598: golang.org/x/crypto/ssh: `ed25519.PrivateKey` created by
    casting malformed wire bytes due to processing of certain crafted inputs can
    lead to panic when used (bsc#1266196).

Other updates and bugfixes:

  * Version 1.17.0:
  * Features
    * Add GraphQL server and `gql` subcommand.
    * `otelcol`: Add Nginx receiver.
    * `otelcol.exporter.prometheus`: Convert classic histograms to NHCB.
    * `database_observability`: Various enhancements for MySQL and Postgres.
    * `faro.receiver`: Support gzip-compressed request bodies.
    * Update to Beyla 3.9.8.
  * Bug Fixes
  * security: Update `x/crypto`, `x/net`, `jackc/pgx/v5`, and `obi`.
  * cluster: Fix nodes failing to join the cluster with TLS enabled.
  * `loki.process`: Fix potential deadlocks and limit stage shutdown.
  * Update Go to v1.26.4.
  * Version 1.16.3:
  * cluster: Fix nodes failing to join the cluster when TLS is enabled.
  * Version 1.16.2:
  * `loki.process`: No longer mutate rules in `stage.truncate` causing every
    config update to reload pipeline when this stage is used.
  * `loki.process`: Potential deadlock on update with stage and receiver
    changes.
  * `otelcol.exporter.awss3`: Add missing `unique_key_func_name` attribute.
  * Remove dependency on vulnerable `yaml` library.

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Server 16.0  
    zypper in -t patch SUSE-SLES-16.0-1172=1

  * SUSE Linux Enterprise Server for SAP applications 16.0  
    zypper in -t patch SUSE-SLES-16.0-1172=1

## Package List:

  * SUSE Linux Enterprise Server for SAP applications 16.0 (ppc64le x86_64)
    * alloy-debuginfo-1.17.0-160000.1.1
    * alloy-1.17.0-160000.1.1
  * SUSE Linux Enterprise Server 16.0 (aarch64 ppc64le s390x x86_64)
    * alloy-debuginfo-1.17.0-160000.1.1
    * alloy-1.17.0-160000.1.1

## References:

  * https://www.suse.com/security/cve/CVE-2026-25680.html
  * https://www.suse.com/security/cve/CVE-2026-25681.html
  * https://www.suse.com/security/cve/CVE-2026-27136.html
  * https://www.suse.com/security/cve/CVE-2026-33532.html
  * https://www.suse.com/security/cve/CVE-2026-39821.html
  * https://www.suse.com/security/cve/CVE-2026-39827.html
  * https://www.suse.com/security/cve/CVE-2026-39828.html
  * https://www.suse.com/security/cve/CVE-2026-39829.html
  * https://www.suse.com/security/cve/CVE-2026-39830.html
  * https://www.suse.com/security/cve/CVE-2026-39831.html
  * https://www.suse.com/security/cve/CVE-2026-39832.html
  * https://www.suse.com/security/cve/CVE-2026-39833.html
  * https://www.suse.com/security/cve/CVE-2026-39834.html
  * https://www.suse.com/security/cve/CVE-2026-39835.html
  * https://www.suse.com/security/cve/CVE-2026-41889.html
  * https://www.suse.com/security/cve/CVE-2026-42502.html
  * https://www.suse.com/security/cve/CVE-2026-42506.html
  * https://www.suse.com/security/cve/CVE-2026-42508.html
  * https://www.suse.com/security/cve/CVE-2026-44740.html
  * https://www.suse.com/security/cve/CVE-2026-45678.html
  * https://www.suse.com/security/cve/CVE-2026-45682.html
  * https://www.suse.com/security/cve/CVE-2026-45685.html
  * https://www.suse.com/security/cve/CVE-2026-45686.html
  * https://www.suse.com/security/cve/CVE-2026-46595.html
  * https://www.suse.com/security/cve/CVE-2026-46597.html
  * https://www.suse.com/security/cve/CVE-2026-46598.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1260981
  * https://bugzilla.suse.com/show_bug.cgi?id=1265440
  * https://bugzilla.suse.com/show_bug.cgi?id=1266196
  * https://bugzilla.suse.com/show_bug.cgi?id=1266654
  * https://bugzilla.suse.com/show_bug.cgi?id=1267185
  * https://bugzilla.suse.com/show_bug.cgi?id=1267333
  * https://bugzilla.suse.com/show_bug.cgi?id=1267481
  * https://bugzilla.suse.com/show_bug.cgi?id=1267485
  * https://bugzilla.suse.com/show_bug.cgi?id=1267488
  * https://bugzilla.suse.com/show_bug.cgi?id=1267489

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20260714/4d462eb8/attachment-0001.htm>


More information about the sle-updates mailing list