SUSE-SU-2025:4526-1

Details

This update for buildah fixes the following issues:

CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed out of bounds read caused by non validated message size (bsc#1254054)
CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598)

Affected Packages

buildah

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOSSUSE Linux Enterprise High Performance Computing 15 SP4-LTSSSUSE Linux Enterprise Server 15 SP4-LTSSSUSE Linux Enterprise Server for SAP Applications 15 SP4

Fixed in:

1.35.5-150400.3.59.1

References

REPORThttps://bugzilla.suse.com/1253598 REPORThttps://bugzilla.suse.com/1254054 WEBhttps://www.suse.com/security/cve/CVE-2025-47913 WEBhttps://www.suse.com/security/cve/CVE-2025-47914 ADVISORYhttps://www.suse.com/support/update/announcement/2025/suse-su-20254526-1/

SUSE-SU-2025:4526-1

Details

Affected Packages

References

Upstream

Related

Ecosystems

Timeline