Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2025:4526-1

Опубликовано: 26 дек. 2025
Источник: suse-cvrf

Описание

Security update for buildah

This update for buildah fixes the following issues:

  • CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed out of bounds read caused by non validated message size (bsc#1254054)
  • CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598)

Список пакетов

SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise Server 15 SP4-LTSS
buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4
buildah-1.35.5-150400.3.59.1

Ссылки

Описание

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.5-150400.3.59.1
Ссылки

Описание

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.5-150400.3.59.1
SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.5-150400.3.59.1
Ссылки