GHSA-F5WC-C3C7-36MC golang.org/x/crypto/ssh/agent doesn't drop invoking agent constraints when forwarding keys

When adding a key to a remote agent constraint extensions such as [email protected] were not serialized in the request. Destination restrictions were silently stripped when forwarding keys, allowing unrestricted use of the key on the remote host. The client now serializes all...

Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent

...

RockyLinux 8 : container-tools:rhel8 (RLSA-2026:0753)

The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2026:0753 advisory. golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSHAGENTSUCCESS CVE-2025-47913 Tenable has extracted the precedin...

SUSE-SU-2025:4157-1 Security update for podman

This update for podman fixes the following issues: - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request bsc1253542...

CVE-2025-47914

CVE-2025-47914 involves IBM Storage Scale CloudKit. The IBM Security Bulletin identifies that SSH Agent identity-processing can panic from an out-of-bounds read when processing new identities, with affected builds including IBM Storage Scale 5.2.3.0–5.2.3.5 and 6.0.0.0. remediation is to upgrade ...