SUSE-SU-2026:20976-1
- Source
- https://www.suse.com/support/update/announcement/2026/suse-su-202620976-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2026:20976-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/SUSE-SU-2026:20976-1
- Upstream
- Related
- Published
- 2026-03-27T10:09:30Z
- Modified
- 2026-04-10T18:24:13.249651Z
- Summary
- Security update for docker-compose
- Details
-
This update for docker-compose fixes the following issues:
- CVE-2025-47913: golang.org/x/crypto/ssh/agent: client process termination when receiving an unexpected message type in response to a key listing or signing request (bsc#1253584).
- CVE-2025-47914: golang.org/x/crypto/ssh/agent: non validated message size can cause a panic due to an out of bounds read (bsc#1254041).
- CVE-2025-62725: OCI compose artifacts can be used to escape the cache directory and overwrite arbitrary files (bsc#1252752).
- References
-
- https://www.suse.com/support/update/announcement/2026/suse-su-202620976-1/
- https://bugzilla.suse.com/1252752
- https://bugzilla.suse.com/1253584
- https://bugzilla.suse.com/1254041
- https://www.suse.com/security/cve/CVE-2025-47913
- https://www.suse.com/security/cve/CVE-2025-47914
- https://www.suse.com/security/cve/CVE-2025-62725
Affected packages
SUSE:Linux Enterprise Server 16.0 / docker-compose
Package
- Name
- docker-compose
- Purl
- pkg:rpm/suse/docker-compose&distro=SUSE%20Linux%20Enterprise%20Server%2016.0