Security update for buildah SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:4526-1 Final 1 1 2025-12-26T12:24:16Z current 2025-12-26T12:24:16Z 2025-12-26T12:24:16Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for buildah This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed out of bounds read caused by non validated message size (bsc#1254054) - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-4526,SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-4526,SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-4526,SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-4526,SUSE-SLE-Product-SLES_SAP-15-SP4-2025-4526 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20254526-1/ Link for SUSE-SU-2025:4526-1 https://lists.suse.com/pipermail/sle-security-updates/2025-December/023656.html E-Mail link for SUSE-SU-2025:4526-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1253598 SUSE Bug 1253598 https://bugzilla.suse.com/1254054 SUSE Bug 1254054 https://www.suse.com/security/cve/CVE-2025-47913/ SUSE CVE CVE-2025-47913 page https://www.suse.com/security/cve/CVE-2025-47914/ SUSE CVE CVE-2025-47914 page SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS SUSE Linux Enterprise Server 15 SP4-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP4 buildah-1.35.5-150400.3.59.1 buildah-1.35.5-150400.3.59.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS buildah-1.35.5-150400.3.59.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS buildah-1.35.5-150400.3.59.1 as a component of SUSE Linux Enterprise Server 15 SP4-LTSS buildah-1.35.5-150400.3.59.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP4 SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. CVE-2025-47913 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.5-150400.3.59.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.5-150400.3.59.1 SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.5-150400.3.59.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.5-150400.3.59.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254526-1/ https://www.suse.com/security/cve/CVE-2025-47913.html CVE-2025-47913 https://bugzilla.suse.com/1253506 SUSE Bug 1253506 SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. CVE-2025-47914 SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS:buildah-1.35.5-150400.3.59.1 SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS:buildah-1.35.5-150400.3.59.1 SUSE Linux Enterprise Server 15 SP4-LTSS:buildah-1.35.5-150400.3.59.1 SUSE Linux Enterprise Server for SAP Applications 15 SP4:buildah-1.35.5-150400.3.59.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20254526-1/ https://www.suse.com/security/cve/CVE-2025-47914.html CVE-2025-47914 https://bugzilla.suse.com/1253967 SUSE Bug 1253967