microsoft · CBL-Mariner-Bot · Jun 8, 2026 · Jun 8, 2026 · Jun 10, 2026
@@ -1,45 +1,39 @@
-From e9da9a48632aecf8d45a351274dc2f36269140c2 Mon Sep 17 00:00:00 2001
+From e3d1254f1e7e60baa086142c46174bf6d8d0fe50 Mon Sep 17 00:00:00 2001
 From: Nicola <nicola.murino@gmail.com>
-Date: Tue, 27 Jan 2026 12:15:18 +0100
-Subject: [PATCH] ssh/agent: preserve constraint extensions when adding keys
+Date: Sun, 1 Feb 2026 14:55:12 +0100
+Subject: [PATCH] ssh/agent: don't accept keys with unsupported constraints
 
-The client Add method only serialized the lifetime and confirm
-constraints and silently dropped AddedKey.ConstraintExtensions before
-sending the SSH_AGENTC_ADD_IDENTITY request. As a result the remote
-agent always received the key with no extension constraints, regardless
-of what the caller requested.
+The in-memory keyring cannot enforce constraint extensions, so silently
+accepting a key that carries them gave callers a false sense of
+restriction. Refuse keys with constraint extensions instead: a key
+whose constraints cannot be enforced must not be loaded. This behavior
+is consistent with OpenSSH.
 
-Applications that add a key believing custom constraint extensions
-(such as restrict-destination-v00@openssh.com) would be enforced
-instead loaded a completely unrestricted key into the agent. For
-example, an administrator forwarding their agent into an untrusted jump
-host and trying to limit the forwarded key with restrict-destination
-never had that restriction reach the agent: any user or compromised
-process on that host could make the agent sign arbitrary challenges.
-
-Serialize each entry in key.ConstraintExtensions as an
-agentConstrainExtension constraint so the constraints reach the agent,
-and add a round-trip regression test that verifies the extensions
-survive client serialization and server parsing.
+This is a deliberate behavior change: keyring.Add previously accepted
+and ignored ConstraintExtensions and now returns an error.
 
 This issue was found during a security audit by NCC Group Cryptography
 Services, sponsored by Teleport.
 
-Updates CVE-2026-39832
-Updates golang/go#79435
+Fixes CVE-2026-39832
+Fixes golang/go#79435
 
-Change-Id: I14c5583b106cbf0d282d2ba01e000e0f586f08c7
-Reviewed-on: https://go-review.googlesource.com/c/crypto/+/778640
+Change-Id: I6ca4f1c29f8edfabb287fe07299641f70896d5fe
+Reviewed-on: https://go-review.googlesource.com/c/crypto/+/778641
+Auto-Submit: Neal Patel <nealpatel@google.com>
+LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
 Reviewed-by: Neal Patel <neal@golang.org>
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
 Reviewed-by: Neal Patel <nealpatel@google.com>
-Reviewed-by: Keith Randall <khr@google.com>
-Reviewed-by: David Chase <drchase@google.com>
-LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
-Signed-off-by: Azure Linux Security Servicing Account <azurelinux-security@microsoft.com>
-Upstream-reference: https://github.com/golang/crypto/commit/a1ce0fee129597fdea8dfd58d71b6b607de6bdce.patch
+
+This CVE needs 2 commits for the fix.
+Upstream Patch reference:
+1. https://github.com/golang/crypto/commit/e3d1254f1e7e60baa086142c46174bf6d8d0fe50.patch
+2. https://github.com/golang/crypto/commit/a1ce0fee129597fdea8dfd58d71b6b607de6bdce.patch
 ---
- vendor/golang.org/x/crypto/ssh/agent/client.go | 7 +++++++
- 1 file changed, 7 insertions(+)
+ vendor/golang.org/x/crypto/ssh/agent/client.go  |  7 +++++++
+ vendor/golang.org/x/crypto/ssh/agent/keyring.go | 12 +++++++++---
+ 2 files changed, 16 insertions(+), 3 deletions(-)
 
 diff --git a/vendor/golang.org/x/crypto/ssh/agent/client.go b/vendor/golang.org/x/crypto/ssh/agent/client.go
 index 6dc73e0..d9e7f73 100644
@@ -59,6 +53,35 @@ index 6dc73e0..d9e7f73 100644
  	cert := key.Certificate
  	if cert == nil {
  		return c.insertKey(key.PrivateKey, key.Comment, constraints)
+diff --git a/vendor/golang.org/x/crypto/ssh/agent/keyring.go b/vendor/golang.org/x/crypto/ssh/agent/keyring.go
+index 21bfa87..64bc105 100644
+--- a/vendor/golang.org/x/crypto/ssh/agent/keyring.go
++++ b/vendor/golang.org/x/crypto/ssh/agent/keyring.go
+@@ -143,15 +143,21 @@ func (r *keyring) List() ([]*Key, error) {
+ 	return ids, nil
+ }
+
+-// Insert adds a private key to the keyring. If a certificate
+-// is given, that certificate is added as public key. Note that
+-// any constraints given are ignored.
++// Add adds a private key to the keyring. If a certificate is given, that
++// certificate is added as public key.
++//
++// Add returns an error if key contains ConstraintExtensions.
+ func (r *keyring) Add(key AddedKey) error {
+ 	r.mu.Lock()
+ 	defer r.mu.Unlock()
+ 	if r.locked {
+ 		return errLocked
+ 	}
++
++	if len(key.ConstraintExtensions) > 0 {
++		return errors.New("agent: constraint extensions are present but not supported")
++	}
++
+ 	signer, err := ssh.NewSignerFromKey(key.PrivateKey)
+
+ 	if err != nil {
 -- 
-2.45.4
+2.43.0
 
@@ -0,0 +1,83 @@
+From 0fb843a472225645e917c84f1f9744757f0bab14 Mon Sep 17 00:00:00 2001
+From: Nicola <nicola.murino@gmail.com>
+Date: Sun, 8 Feb 2026 15:28:56 +0100
+Subject: [PATCH] ssh/agent: reject keys with unsupported confirm constraint
+
+The in-memory keyring supports the "lifetime" constraint but does not
+implement the "confirm" constraint. Previously, keyring.Add silently
+ignored ConfirmBeforeUse: the key was stored, advertised through List,
+and used for signing without any interactive confirmation, potentially
+misleading callers into believing this security measure was enforced.
+
+Return an error when ConfirmBeforeUse is set instead of silently
+downgrading the caller's security expectations. Implementing real
+confirm-before-use in an in-memory library keyring is infeasible (there
+is no UI or confirmation callback), so failing closed is the correct
+behavior; adding actual confirm support would require an API addition
+and is out of scope.
+
+This is a deliberate behavior change: keyring.Add previously accepted
+and ignored ConfirmBeforeUse and now returns an error. This change also
+updates the keyring doc comments to document the supported constraints.
+
+This issue was found during a security audit by NCC Group Cryptography
+Services, sponsored by Teleport.
+
+Fixes CVE-2026-39833
+Updates golang/go#47533
+Fixes golang/go#79436
+
+Change-Id: I1b3a286f0c1e4a4e08ac37109f7e491692ca90ae
+Reviewed-on: https://go-review.googlesource.com/c/crypto/+/778642
+Reviewed-by: Dmitri Shuralyov <dmitshur@google.com>
+Reviewed-by: Neal Patel <nealpatel@google.com>
+Reviewed-by: Neal Patel <neal@golang.org>
+Auto-Submit: Neal Patel <nealpatel@google.com>
+LUCI-TryBot-Result: golang-scoped@luci-project-accounts.iam.gserviceaccount.com <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
+
+Upstream Patch reference: https://github.com/golang/crypto/commit/0fb843a472225645e917c84f1f9744757f0bab14.patch
+---
+ vendor/golang.org/x/crypto/ssh/agent/keyring.go | 13 ++++++++++---
+ 1 file changed, 10 insertions(+), 3 deletions(-)
+
+diff --git a/vendor/golang.org/x/crypto/ssh/agent/keyring.go b/vendor/golang.org/x/crypto/ssh/agent/keyring.go
+index 64bc105..8d8cdb7 100644
+--- a/vendor/golang.org/x/crypto/ssh/agent/keyring.go
++++ b/vendor/golang.org/x/crypto/ssh/agent/keyring.go
+@@ -32,8 +32,10 @@ type keyring struct {
+
+ var errLocked = errors.New("agent: locked")
+
+-// NewKeyring returns an Agent that holds keys in memory.  It is safe
+-// for concurrent use by multiple goroutines.
++// NewKeyring returns an Agent that holds keys in memory.  It is safe for
++// concurrent use by multiple goroutines.
++//
++// The returned Agent only supports the "lifetime" constraint.
+ func NewKeyring() Agent {
+ 	return &keyring{}
+ }
+@@ -146,7 +148,8 @@ func (r *keyring) List() ([]*Key, error) {
+ // Add adds a private key to the keyring. If a certificate is given, that
+ // certificate is added as public key.
+ //
+-// Add returns an error if key contains ConstraintExtensions.
++// Add returns an error if key contains ConstraintExtensions or
++// ConfirmBeforeUse.
+ func (r *keyring) Add(key AddedKey) error {
+ 	r.mu.Lock()
+ 	defer r.mu.Unlock()
+@@ -154,6 +157,10 @@ func (r *keyring) Add(key AddedKey) error {
+ 		return errLocked
+ 	}
+
++	if key.ConfirmBeforeUse {
++		return errors.New("agent: confirm before use constraint is not supported")
++	}
++
+ 	if len(key.ConstraintExtensions) > 0 {
+ 		return errors.New("agent: constraint extensions are present but not supported")
+ 	}
+-- 
+2.43.0
+
@@ -4,7 +4,7 @@ Summary:        A Docker CLI plugin for extended build capabilities with BuildKi
 Name:           docker-buildx
 # update "commit_hash" above when upgrading version
 Version:        0.14.0
-Release:        14%{?dist}
+Release:        15%{?dist}
 License:        ASL 2.0
 Group:          Tools/Container
 Vendor:         Microsoft Corporation
@@ -36,6 +36,7 @@ Patch21:        CVE-2026-39827.patch
 Patch22:        CVE-2026-39835.patch
 Patch23:        CVE-2026-42502.patch
 Patch24:        CVE-2026-46598.patch
+Patch25:        CVE-2026-39833.patch
 
 BuildRequires: bash
 BuildRequires: golang < 1.25
@@ -69,6 +70,9 @@ install -m 755 buildx "%{buildroot}%{_libexecdir}/docker/cli-plugins/docker-buil
 %{_libexecdir}/docker/cli-plugins/docker-buildx
 
 %changelog
+* Mon Jun 01 2026 Akhila Guruju <v-guakhila@microsoft.com> - 0.14.0-15
+- Patch CVE-2026-39833 and fix patch for CVE-2026-39832
+
 * Mon Jun 01 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 0.14.0-14
 - Patch for CVE-2026-46598, CVE-2026-42502, CVE-2026-39835, CVE-2026-39827, CVE-2026-25681, CVE-2026-25680