OPENSUSE-SU-2026:20080-1
Advisory lineage Upstream: 5 Downstream: 0
Published: 22 Jan 2026, 13:00
Last modified:23 Mar 2026, 04:54
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
22 Jan 2026, 13:00
Published
Vulnerability first disclosed
23 Mar 2026, 04:54
Last Modified
Vulnerability information updated
Description
Security update for buildah This update for buildah fixes the following issues: - CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out of bounds read (bsc#1254054) - CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253598) - CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc files (bsc#1253096) Other fixes: - Updated to version 1.39.5.
Affected Systems
- opensuse•buildah&distro=openSUSE Leap 16.0
< 1.39.5-160000.1.1
References (8)
- https://bugzilla.suse.com/1253096
- https://bugzilla.suse.com/1253598
- https://bugzilla.suse.com/1254054
- https://www.suse.com/security/cve/CVE-2025-31133
- https://www.suse.com/security/cve/CVE-2025-47913
- https://www.suse.com/security/cve/CVE-2025-47914
- https://www.suse.com/security/cve/CVE-2025-52565
- https://www.suse.com/security/cve/CVE-2025-52881