42 matches found
SUSE-SU-2026:2693-1 Security update for podman
This update for podman fixes the following issues: - CVE-2026-34986: github.com/go-jose/go-jose/v4, github.com/go-jose/go-jose/v3: crafted JWE input with a missing encrypted key can lead to a denial of service bsc1262856. - CVE-2026-39829, CVE-2026-39830, CVE-2026-42508, CVE-2026-46598:...
GHSA-F5WC-C3C7-36MC golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys
When adding a key to a remote agent, constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...
golang.org/x/crypto/ssh: Denial of Service via crafted public key with excessive parameters
A flaw was found in golang.org/x/crypto/ssh. The RSA and DSA public key parsers in the affected component did not enforce size limits on key parameters. This vulnerability allows an unauthenticated client to provide a crafted public key with an excessively large modulus or DSA parameter during...
OPENSUSE-SU-2026:20956-1 Security update for trivy
This update for trivy fixes the following issues: - CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267047. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...
Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
...
Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
...
Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh
...
Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh
...
Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
...
CVE-2026-46595
CVE-2026-46595 affects golang.org/x/crypto/ssh. The issue arises when VerifiedPublicKeyCallback is invoked with a callback type other than public key, causing the source-address validation to be bypassed and enabling an authorization bypass. The description notes this is a continuation of CVE-202...
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts
Previously, a revoked 'SignatureKey' belonging to a CA was not correctly checked for revocation. Now, both the 'key' and 'key.SignatureKey' are checked for @revoked...
CVE-2026-46597
CVE-2026-46597 describes an incorrectly placed cast from bytes to int that can cause a server-side panic in the AES-GCM packet decoder when processing crafted inputs. The entry lists high availability impact with network-based exploitability and no privileges required, but the provided documents ...
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh
When an SSH server authentication callback returned PartialSuccessError with non-nil Permissions, those permissions were silently discarded, potentially dropping certificate restrictions such as force-command after a second factor succeeded. Returning non-nil Permissions with PartialSuccessError...
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh
An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...
SUSE-SU-2026:1118-1 Security update for docker-stable
This update for docker-stable fixes the following issues: - CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption bsc1253904...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : cosign (SUSE-SU-2026:0777-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0777-1 advisory. Update to version 3.0.5 jscSLE-23879. Security issues fixed: - CVE-2025-11065:...
container-tools:rhel8 security update
An update is available for module.crun, fuse-overlayfs, module.slirp4netns, python-podman, module.runc, container-selinux, module.podman, module.udica, module.aardvark-dns, module.fuse-overlayfs, cockpit-podman, aardvark-dns, module.conmon, containers-common, libslirp, criu,...
RockyLinux 8 : container-tools:rhel8 (RLSA-2026:0753)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0753 advisory. golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913). Tenable has extracted the precedin...
MiracleLinux 8 : container-tools:rhel8 (AXSA:2025-9813:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-9813:01 advisory. golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh (CVE-2025-22869). Tenable has extracted the preceding description bloc...