Important: buildah security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:0437", "synopsis": "Important: buildah security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for buildah.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a Dockerfile; Build both Docker and OCI images. \n\nSecurity Fix(es):\n\n* golang.org/x/crypto/ssh/agent: golang.org/x/crypto/ssh/agent: SSH client panic due to unexpected SSH_AGENT_SUCCESS (CVE-2025-47913)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 9"], "fixes": [{"ticket": "2414943", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2414943", "description": ""}], "cves": [{"name": "CVE-2025-47913", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2025-47913", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": null}], "references": [], "publishedAt": "2026-01-15T09:13:58.593947Z", "rpms": {"Rocky Linux 9": {"nvras": ["buildah-2:1.41.8-1.el9_7.aarch64.rpm", "buildah-2:1.41.8-1.el9_7.ppc64le.rpm", "buildah-2:1.41.8-1.el9_7.s390x.rpm", "buildah-2:1.41.8-1.el9_7.src.rpm", "buildah-2:1.41.8-1.el9_7.x86_64.rpm", "buildah-debuginfo-2:1.41.8-1.el9_7.aarch64.rpm", "buildah-debuginfo-2:1.41.8-1.el9_7.ppc64le.rpm", "buildah-debuginfo-2:1.41.8-1.el9_7.s390x.rpm","buildah-debuginfo-2:1.41.8-1.el9_7.x86_64.rpm", "buildah-debugsource-2:1.41.8-1.el9_7.aarch64.rpm", "buildah-debugsource-2:1.41.8-1.el9_7.ppc64le.rpm", "buildah-debugsource-2:1.41.8-1.el9_7.s390x.rpm", "buildah-debugsource-2:1.41.8-1.el9_7.x86_64.rpm", "buildah-tests-2:1.41.8-1.el9_7.aarch64.rpm", "buildah-tests-2:1.41.8-1.el9_7.ppc64le.rpm", "buildah-tests-2:1.41.8-1.el9_7.s390x.rpm", "buildah-tests-2:1.41.8-1.el9_7.x86_64.rpm", "buildah-tests-debuginfo-2:1.41.8-1.el9_7.aarch64.rpm", "buildah-tests-debuginfo-2:1.41.8-1.el9_7.ppc64le.rpm", "buildah-tests-debuginfo-2:1.41.8-1.el9_7.s390x.rpm", "buildah-tests-debuginfo-2:1.41.8-1.el9_7.x86_64.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Rocky Linux 9 buildah security update addresses SSH client panic. Get details on the fix and CVE-2025-47913 today!. buildah updates. . LinuxSecurity.com Team
Get the latest Linux and open source security news straight to your inbox.