SUSE Package Hub - openSUSE-2026-117

Update Info

openSUSE-2026-117

Security update for keybase-client

Type: security

Severity: important

Issued: 2026-04-03

Description:

This update for keybase-client fixes the following issues:

- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (boo#1254023)
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (boo#1253563)
- CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption (boo#1253864)

References

CVE: CVE-2025-58181
CVE: CVE-2025-47914
CVE: CVE-2025-47913
Bugzilla: 1254023 VUL-0: CVE-2025-47914: keybase-client: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read
Bugzilla: 1253864 VUL-0: CVE-2025-58181: keybase-client: golang.org/x/crypto/ssh: invalidated number of mechanisms can cause unbounded memory consumption
Bugzilla: 1253563 VUL-0: CVE-2025-47913: keybase-client: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request

Packages

keybase-client-6.2.8-bp157.2.3.15