8 matches found
MGASA-2026-0179 Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability
fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without...
RLSA-2026:0545 Important: podman security update
The podman tool manages pods, container images, and containers. It is part of the libpod library, which is for applications that use container pods. Container pods is a concept in Kubernetes. Security Fixes: golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to...
CVE-2025-47913
SSH clients receiving SSHAGENTSUCCESS when expecting a typed response will panic and cause early termination of the client process...
Linux Distros Unpatched Vulnerability : CVE-2019-11840
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the...
Security update for buildah
This update for buildah fixes the following issues: CVE-2025-22869: Fixed Denial of Service in the Key Exchange of golang.org/x/crypto/ssh bsc1239339. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
Misuse of connection.serverAuthenticate may cause authorization bypass in golang.org/x/crypto
...
golang.org/x/crypto: Keystream loop in amd64 assembly when overflowing 32-bit counter
An issue was discovered in the supplementary Go cryptography library, golang.org/x/crypto, before v0.0.0-20190320223903-b7391e95e576. A flaw was found in the amd64 implementation of the golang.org/x/crypto/salsa20 and golang.org/x/crypto/salsa20/salsa packages. If more than 256 GiB of keystream i...
PT-2017-4225 · Go · Golang.Org/X/Crypto/Ssh
Name of the Vulnerable Software and Affected Versions: golang.org/x/crypto/ssh versions prior to the version that includes commit e4e2799 Description: The issue is related to the default behavior of the Go SSH library, which does not verify host keys. This facilitates man-in-the-middle attacks if...