Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 556
Alerts This Week
Warning Icon 1 556

openSUSE 15-SP6 Keybase-client Important Memory Panic Fix 2026-0117-1

opensuse
Calendar Grey April 3, 2026
Dist Opensuse Esm H88
Update for keybase-client addresses important issues in openSUSE systems, enhancing security and stability.
An update that fixes three vulnerabilities is now available.

Description

This update for keybase-client fixes the following issues:

- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message

size can cause a panic due to an out of bounds read (boo#1254023)

- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process

termination when receiving an unexpected message type in response to a

key listing or signing request (boo#1253563)

- CVE-2025-58181: golang.org/x/crypto/ssh: invalidated number of

mechanisms can cause unbounded memory consumption (boo#1253864)

Patch

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Backports SLE-15-SP7:

zypper in -t patch openSUSE-2026-117=1

- openSUSE Backports SLE-15-SP6:

zypper in -t patch openSUSE-2026-117=1

Package List

- openSUSE Backports SLE-15-SP7 (aarch64 i586 ppc64le s390x x86_64):

kbfs-6.2.8-bp157.2.3.15

kbfs-debuginfo-6.2.8-bp157.2.3.15

kbfs-git-6.2.8-bp157.2.3.15

kbfs-git-debuginfo-6.2.8-bp157.2.3.15

kbfs-tool-6.2.8-bp157.2.3.15

kbfs-tool-debuginfo-6.2.8-bp157.2.3.15

keybase-client-6.2.8-bp157.2.3.15

keybase-client-debuginfo-6.2.8-bp157.2.3.15

- openSUSE Backports SLE-15-SP6 (aarch64 i586 ppc64le s390x x86_64):

kbfs-6.2.8-bp156.2.9.16

kbfs-git-6.2.8-bp156.2.9.16

kbfs-tool-6.2.8-bp156.2.9.16

keybase-client-6.2.8-bp156.2.9.16

References

https://www.suse.com/security/cve/CVE-2025-47913.html

https://www.suse.com/security/cve/CVE-2025-47914.html

https://www.suse.com/security/cve/CVE-2025-58181.html

https://bugzilla.suse.com/1253563

https://bugzilla.suse.com/1253864

https://bugzilla.suse.com/1254023

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:0117-1
Rating: important
Affected Products: openSUSE Backports SLE-15-SP6 openSUSE Backports SLE-15-SP7

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.