Egbert Eich
d7bcf5b155
* GO-2025-4135 (CVE-2025-47914)
SSH Agent servers do not validate the size of messages
when processing new identity requests, which may cause
the program to panic if the message is malformed due to
an out of bounds read.
* GO-2025-4116 (CVE-2025-47913)
SSH clients receiving SSH_AGENT_SUCCESS when expecting a
typed response will panic and cause early termination of
the client process.
* GO-2025-4134 (CVE-2025-58181, bsc#1253952).
SSH servers parsing GSSAPI authentication
requests do not validate the number of mechanisms
specified in the request, allowing an attacker to cause
unbounded memory consumption.
Signed-off-by: Egbert Eich <eich@suse.com>
8 lines
165 B
Plaintext
8 lines
165 B
Plaintext
<services>
|
|
<service name="go_modules" mode="manual">
|
|
<param name="replace">
|
|
golang.org/x/crypto=golang.org/x/crypto@v0.45.0
|
|
</param>
|
|
</service>
|
|
</services>
|