415 matches found
SUSE SLES15 Security Update : apptainer (SUSE-SU-2026:2609-1)
The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2609-1 advisory. This update for apptainer fixes the following issues - CVE-2026-24137: github.com/sigstore/sigstore/pkg/tuf: legacy TUF client allows for...
golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys
When adding a key to a remote agent, constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...
GHSA-F5WC-C3C7-36MC golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys
When adding a key to a remote agent, constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...
SUSE-SU-2026:22226-1 Security update for mcphost
This update for mcphost fixes the following issues: - CVE-2026-25680, CVE-2026-25681, CVE-2026-27136, CVE-2026-42502, CVE-2026-42506: golang.org/x/net/html: multiple issues when parsing HTML files bsc1267109. - CVE-2026-33814: golang.org/x/net/http2: infinite loop in HTTP/2 transport when given bad...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS : Go Cryptography vulnerabilities (USN-8447-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 22.04 LTS / 24.04 LTS / 26.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8447-1 advisory. It was discovered that Go Cryptography did not properly handle SSH global request responses. ...
SUSE SLES15 Security Update : kubevirt-1.6 (SUSE-SU-2026:2401-1)
The remote SUSE Linux SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:2401-1 advisory. This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: -...
Astra Linux – Vulnerability in OpenSSH
The PKCS11 feature in ssh-agent in OpenSSH prior to version 9.3p2 has an insufficiently trustworthy search path, which can lead to remote code execution if the agent is forwarded to a system controlled by an attacker. The code located in /usr/lib is not necessarily safe for loading into ssh-agent...
USN-8447-1 golang-go.crypto vulnerabilities
It was discovered that Go Cryptography did not properly handle SSH global request responses. A remote attacker could possibly use this issue to cause a denial of service. (CVE-2026-39830) It was discovered that Go Cryptography did not properly verify user presence when using FIDO/U2F security keys...
Security update for kubevirt-1.6
This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. CVE-2025-47913: golang.org/x/crypto/ssh/agent:...
SUSE-SU-2026:2401-1 Security update for kubevirt-1.6
This update for kubevirt-1.6 fixes the following issues Update to version 1.6.6, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent...
SUSE-SU-2026:2400-1 Security update for kubevirt
This update for kubevirt fixes the following issues: Update to version 1.7.4, fixes various go embedded security issues: - CVE-2025-47911: golang.org/x/net/html: various algorithms with quadratic complexity when parsing HTML documents bsc1251420. - CVE-2025-47913: golang.org/x/crypto/ssh/agent:...
Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent
...
Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
...
SUSE-SU-2026:21827-1 Security update for mcphost
This update for mcphost fixes the following issues: - CVE-2025-30153: github.com/getkin/kin-openapi/openapi3filter: Improper Handling of Highly Compressed Data (Data Amplification) in github.com/getkin/kin-openapi/openapi3filter bsc1264762. - CVE-2025-47913: golang.org/x/crypto/ssh/agent: client...
Improper Check for Dropped Privileges
Overview: Affected versions of this package are vulnerable to Improper Check for Dropped Privileges due to the omission of constraint extensions such as [email protected] when adding a key to a remote agent. An attacker can bypass intended key usage restrictions by forwarding ke...
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent
When adding a key to a remote agent, constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...
CVE-2026-39833
The CVE-2026-39833 issue affects the in-memory keyring used by golang.org/x/crypto/ssh/agent. The ConfirmBeforeUse constraint was silently accepted but not enforced by NewKeyring(), allowing keys to sign without a required confirmation prompt and without notifying the caller. The patch fixes this...
GO-2026-5005 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent
The in-memory keyring returned by NewKeyring silently accepted keys with the ConfirmBeforeUse constraint but never enforced it. The key would sign without any confirmation prompt, with no indication to the caller that the constraint was not in effect. NewKeyring now returns an error when...
RockyLinux 10 : openssh (RLSA-2025:20126)
The remote RockyLinux 10 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:20126 advisory. openssh: OpenSSH SSHD Agent Forwarding and X11 Forwarding CVE-2025-32728 Tenable has extracted the preceding description block directly from the RockyLinux...