Vulnerability Scan Report for registry.suse.com/suse/mariadb:10.11-42.4

MariaDB Server container based on the SLE Base Container Image.

registry.suse.com/suse/mariadb:10.11-42.4

Last scanned on: May 05, 2025 22:42

Package Name	Severity	Status	Description	Reference links
procps	LOW	fixed	Security update for procps Vulnerability ID: SUSE-SU-2025:0741-1 Installed Version: 3.3.17-150000.7.39.1 Fixed Version: 3.3.17-150000.7.42.1 This update for procps fixes the following issues: - Integer overflow due to incomplete fix for CVE-2023-4016 can lead to segmentation fault in ps command when pid argument has a leading space (bsc#1236842, bsc#1214290).	CVE-2023-4016 SU-20250741-1 SUSE Bug#1214290 SUSE Bug#1236842 SUSE Mailing List [sle-security-updates] 2025-February#020453 SUSE Security Rating
python3-base	HIGH	fixed	Security update for python3 Vulnerability ID: SUSE-SU-2024:3470-1 Installed Version: 3.6.15-150300.10.65.1 Fixed Version: 3.6.15-150300.10.72.1 This update for python3 fixes the following issues: - CVE-2024-6923: Fixed uncontrolled CPU resource consumption when in http.cookies module (bsc#1228780). - CVE-2024-5642: Fixed buffer overread when NPN is used and invalid values are sent to the OpenSSL API (bsc#1227233). - CVE-2024-7592: Fixed Email header injection due to unquoted newlines (bsc#1229596). - CVE-2024-6232: excessive backtracking when parsing tarfile headers leads to ReDoS. (bsc#1230227) Bug fixes: - %{profileopt} variable is set according to the variable %{do_profiling} (bsc#1227999). - Stop using %%defattr, it seems to be breaking proper executable attributes on /usr/bin/ scripts (bsc#1227378). - Remove %suse_update_desktop_file macro as it is not useful any more.	CVE-2024-5642 CVE-2024-6232 CVE-2024-6923 CVE-2024-7592 SU-20243470-1 SUSE Bug#1227233 SUSE Bug#1227378 SUSE Bug#1227999 SUSE Bug#1228780 SUSE Bug#1229596 SUSE Bug#1230227 SUSE Mailing List [sle-updates] 2024-September#037102 SUSE Security Rating
python3-base	MEDIUM	fixed	Security update for python3 Vulnerability ID: SUSE-SU-2024:3879-1 Installed Version: 3.6.15-150300.10.65.1 Fixed Version: 3.6.15-150300.10.75.1 This update for python3 fixes the following issues: Security fixes: - CVE-2024-9287: properly quote path names provided when creating a virtual environment (bsc#1232241) Other fixes: - Drop .pyc files from docdir for reproducible builds (bsc#1230906)	CVE-2024-9287 SU-20243879-1 SUSE Bug#1230906 SUSE Bug#1232241 SUSE Mailing List [sle-security-updates] 2024-November#019766 SUSE Security Rating
python3-base	MEDIUM	fixed	Security update for python3 Vulnerability ID: SUSE-SU-2024:4193-1 Installed Version: 3.6.15-150300.10.65.1 Fixed Version: 3.6.15-150300.10.78.1 This update for python3 fixes the following issues: - CVE-2024-11168: Fixed improper validation of IPv6 and IPvFuture addresses (bsc#1233307) Other fixes: - Remove -IVendor/ from python-config (bsc#1231795)	CVE-2024-11168 SU-20244193-1 SUSE Bug#1231795 SUSE Bug#1233307 SUSE Mailing List [sle-security-updates] 2024-December#019921 SUSE Security Rating
python3-base	MEDIUM	fixed	Security update for python3 Vulnerability ID: SUSE-SU-2025:0554-1 Installed Version: 3.6.15-150300.10.65.1 Fixed Version: 3.6.15-150300.10.81.1 This update for python3 fixes the following issues: - CVE-2025-0938: domain names containing square brackets are not identified as incorrect by urlparse. (bsc#1236705)	CVE-2025-0938 SU-20250554-1 SUSE Bug#1236705 SUSE Mailing List [sle-security-updates] 2025-February#020354 SUSE Security Rating