SUSE Package Hub - openSUSE-2025-437

Update Info

openSUSE-2025-437

Security update for act

Type: security

Severity: important

Issued: 2025-11-24

Description:

This update for act fixes the following issues:

- CVE-2025-47913: Prevent panic in embedded golang.org/x/crypto/ssh/agent
  client when receiving unexpected message types for key listing or signing
  requests by returning a descriptive error instead. (boo#1253608)

References

CVE: CVE-2025-47913
Bugzilla: 1253608 VUL-0: CVE-2025-47913: act: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request

Packages

act-0.2.45-bp157.3.3.1