eeich/mcphost
SHA256
1
0
Fork 0
forked from AI_MCP/mcphost
Code Pull Requests 1 Activity

Cve 01 2026 #1

Open
eeich wants to merge 1 commits from CVE_01_2026 into main
pull from: CVE_01_2026
merge into: eeich:main
Conversation 0 Commits 1 Files Changed 5 +56 -30
eeich commented 2026-01-06 18:21:47 +01:00
Owner
Copy Link
No description provided.
eeich added 1 commit 2026-01-06 18:21:48 +01:00
- Fix CVEs c09ea7b1f5 
* GO-2025-4135 (CVE-2025-47914)
    SSH Agent servers do not validate the size of messages
    when processing new identity requests, which may cause
    the program to panic if the message is malformed due to
    an out of bounds read.
  * GO-2025-4116 (CVE-2025-47913)
    SSH clients receiving SSH_AGENT_SUCCESS when expecting a
    typed response will panic and cause early termination of
    the client process.
  * GO-2025-4134 (CVE-2025-58181, bsc#1253952).
    SSH servers parsing GSSAPI authentication
    requests do not validate the number of mechanisms
    specified in the request, allowing an attacker to cause
    unbounded memory consumption.

Signed-off-by: Egbert Eich <eich@suse.com>
eeich force-pushed CVE_01_2026 from c09ea7b1f5 to d7bcf5b155 2026-01-06 19:14:42 +01:00 Compare
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin CVE_01_2026:CVE_01_2026
git checkout CVE_01_2026
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
eeich
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: eeich/mcphost#1
Delete Branch "CVE_01_2026"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?