{"affected":[{"ecosystem_specific":{"binaries":[{"buildah":"1.39.5-160000.1.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"buildah","purl":"pkg:rpm/opensuse/buildah&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"1.39.5-160000.1.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for buildah fixes the following issues:\n\n- CVE-2025-47914: golang.org/x/crypto/ssh/agent: Fixed non validated message size causing a panic due to an out\n  of bounds read (bsc#1254054)\n- CVE-2025-47913: golang.org/x/crypto/ssh/agent: Fixed client process termination when receiving an unexpected\n  message type in response to a key listing or signing request (bsc#1253598)\n- CVE-2025-31133,CVE-2025-52565,CVE-2025-52881: Fixed container breakouts by bypassing runc's restrictions for writing to arbitrary /proc\n  files (bsc#1253096)\n\nOther fixes:\n\n- Updated to version 1.39.5.\n","id":"openSUSE-SU-2026:20080-1","modified":"2026-01-22T13:00:13Z","published":"2026-01-22T13:00:13Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1253096"},{"type":"REPORT","url":"https://bugzilla.suse.com/1253598"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254054"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-31133"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47913"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-47914"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-52565"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-52881"}],"related":["CVE-2025-31133","CVE-2025-47913","CVE-2025-47914","CVE-2025-52565","CVE-2025-52881"],"summary":"Security update for buildah","upstream":["CVE-2025-31133","CVE-2025-47913","CVE-2025-47914","CVE-2025-52565","CVE-2025-52881"]}