{"affected":[{"ecosystem_specific":{"binaries":[{"alloy":"1.12.2-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server 16.0","name":"alloy","purl":"pkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Server%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.12.2-160000.1.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"alloy":"1.12.2-160000.1.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Server for SAP applications 16.0","name":"alloy","purl":"pkg:rpm/suse/alloy&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.12.2-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for alloy fixes the following issues:\n\nUpdate to 1.12.2:\n\nSecurity fixes:\n\n- CVE-2025-68156: github.com/expr-lang/expr/builtin: Fixed potential DoS via unbounded recursion (bsc#1255333):\n- CVE-2025-31133, CVE-2025-52565, CVE-2025-52881: github.com/opencontainers/runc: Fixed container\n  breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1255074)\n\nOther fixes:\n\n    - Add missing configuration parameter\n      deployment_name_from_replicaset to k8sattributes processor\n      (5b90a9d) (@dehaansa)\n    - database_observability: Fix schema_details collector to fetch\n      column definitions with case sensitive table names (#4872)\n      (560dff4) (@jharvey10, @fridgepoet)\n    - deps: Update jose2go to 1.7.0 (#4858) (dfdd341) (@jharvey10)\n    - deps: Update npm dependencies [backport] (#5201) (8e06c26)\n      (@jharvey10)\n    - Ensure the squid exporter wrapper properly brackets ipv6\n      addresses [backport] (#5205) (e329cc6) (@dehaansa)\n    - Preserve meta labels in loki.source.podlogs (#5097) (ab4b21e)\n      (@kalleep)\n    - Prevent panic in import.git when update fails [backport]\n      (#5204) (c82fbae) (@dehaansa, @jharvey10)\n    - show correct fallback alloy version instead of v1.13.0\n      (#5110) (b72be99) (@dehaansa, @jharvey10)\n","id":"SUSE-SU-2026:20214-1","modified":"2026-01-30T14:35:10Z","published":"2026-01-30T14:35:10Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2026/suse-su-202620214-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255074"},{"type":"REPORT","url":"https://bugzilla.suse.com/1255333"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-31133"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-52565"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-52881"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-68156"}],"related":["CVE-2025-31133","CVE-2025-52565","CVE-2025-52881","CVE-2025-68156"],"summary":"Security update for alloy","upstream":["CVE-2025-31133","CVE-2025-52565","CVE-2025-52881","CVE-2025-68156"]}