- Fix CVEs #3

Merged

mslacken merged 1 commits from eeich/mcphost:CVE_01_2026 into main

2026-01-07 16:15:33 +01:00

Author	SHA256	Message	Date
Egbert Eich	d7bcf5b155	- Fix CVEs * GO-2025-4135 (CVE-2025-47914) SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read. * GO-2025-4116 (CVE-2025-47913) SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process. * GO-2025-4134 (CVE-2025-58181, bsc#1253952). SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. Signed-off-by: Egbert Eich <eich@suse.com>	2026-01-06 19:13:44 +01:00

Author

SHA256

Message

Date

Egbert Eich

d7bcf5b155

- Fix CVEs

* GO-2025-4135 (CVE-2025-47914)
    SSH Agent servers do not validate the size of messages
    when processing new identity requests, which may cause
    the program to panic if the message is malformed due to
    an out of bounds read.
  * GO-2025-4116 (CVE-2025-47913)
    SSH clients receiving SSH_AGENT_SUCCESS when expecting a
    typed response will panic and cause early termination of
    the client process.
  * GO-2025-4134 (CVE-2025-58181, bsc#1253952).
    SSH servers parsing GSSAPI authentication
    requests do not validate the number of mechanisms
    specified in the request, allowing an attacker to cause
    unbounded memory consumption.

Signed-off-by: Egbert Eich <eich@suse.com>

2026-01-06 19:13:44 +01:00

- Fix CVEs #3

1 Commits