Vulnerability Scan Report for registry.suse.com/suse/mariadb:10.11-42.4

MariaDB Server container based on the SLE Base Container Image.

registry.suse.com/suse/mariadb:10.11-42.4

Last scanned on: May 05, 2025 22:42

Package Name	Severity	Status	Description	Reference links
libopenssl-3-fips-provider	MEDIUM	fixed	Security update for openssl-3 Vulnerability ID: SUSE-SU-2024:3943-1 Installed Version: 3.1.4-150600.5.10.1 Fixed Version: 3.1.4-150600.5.21.1 This update for openssl-3 fixes the following issues: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262)	CVE-2023-50782 SU-20243943-1 SUSE Bug#1220262 SUSE Mailing List [sle-security-updates] 2024-November#019786 SUSE Security Rating
libopenssl-3-fips-provider	MEDIUM	fixed	Security update for openssl-3 Vulnerability ID: SUSE-SU-2025:0430-1 Installed Version: 3.1.4-150600.5.10.1 Fixed Version: 3.1.4-150600.5.24.1 This update for openssl-3 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in ECDSA signature computation (bsc#1236136).	CVE-2024-13176 SU-20250430-1 SUSE Bug#1236136 SUSE Mailing List [sle-security-updates] 2025-February#020316 SUSE Security Rating
libopenssl1_1	MEDIUM	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2024:3905-1 Installed Version: 1.1.1w-150600.5.6.1 Fixed Version: 1.1.1w-150600.5.9.1 This update for openssl-1_1 fixes the following issues: Security fixes: - CVE-2023-50782: Implicit rejection in PKCS#1 v1.5 (bsc#1220262) Other fixes: - FIPS: AES GCM external IV implementation (bsc#1228618) - FIPS: Mark PBKDF2 and HKDF HMAC input keys with size >= 112 bits as approved in the SLI. (bsc#1228623) - FIPS: Enforce KDF in FIPS style (bsc#1224270) - FIPS: Mark HKDF and TLSv1.3 KDF as approved in the SLI (bsc#1228619) - FIPS: The X9.31 scheme is not approved for RSA signature operations in FIPS 186-5. (bsc#1224269) - FIPS: Differentiate the PSS length requirements (bsc#1224275) - FIPS: Mark sigGen and sigVer primitives as non-approved (bsc#1224272) - FIPS: Disable PKCSv1.5 and shake in FIPS mode (bsc#1224271) - FIPS: Mark SHA1 as non-approved in the SLI (bsc#1224266) - FIPS: DH FIPS selftest and safe prime group (bsc#1224264) - FIPS: Remove not needed FIPS DRBG files (bsc#1224268) - FIPS: Add Pair-wise Consistency Test when generating DH key (bsc#1224265) - FIPS: Disallow non-approved KDF types (bsc#1224267) - FIPS: Disallow RSA sigVer with 1024 and ECDSA sigVer/keyVer P-192 (bsc#1224273) - FIPS: DRBG component chaining (bsc#1224258) - FIPS: Align CRNGT_BUFSIZ with Jitter RNG output size (bsc#1224260)	CVE-2023-50782 SU-20243905-1 SUSE Bug#1220262 SUSE Bug#1224258 SUSE Bug#1224260 SUSE Bug#1224264 SUSE Bug#1224265 SUSE Bug#1224266 SUSE Bug#1224267 SUSE Bug#1224268 SUSE Bug#1224269 SUSE Bug#1224270 SUSE Bug#1224271 SUSE Bug#1224272 SUSE Bug#1224273 SUSE Bug#1224275 SUSE Bug#1228618 SUSE Bug#1228619 SUSE Bug#1228623 SUSE Mailing List [sle-security-updates] 2024-November#019774 SUSE Security Rating
libopenssl1_1	MEDIUM	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2025:0613-1 Installed Version: 1.1.1w-150600.5.6.1 Fixed Version: 1.1.1w-150600.5.12.2 This update for openssl-1_1 fixes the following issues: - CVE-2024-13176: Fixed timing side-channel in the ECDSA signature computation (bsc#1236136). Other bugfixes: - Non approved PBKDF parameters wrongly resulting as approved (bsc#1236771).	CVE-2024-13176 SU-20250613-1 SUSE Bug#1236136 SUSE Bug#1236771 SUSE Mailing List [sle-security-updates] 2025-February#020395 SUSE Security Rating
libopenssl3	HIGH	fixed	Security update for openssl-3 Vulnerability ID: SUSE-SU-2024:3106-1 Installed Version: 3.1.4-150600.5.10.1 Fixed Version: 3.1.4-150600.5.15.1 This update for openssl-3 fixes the following issues: - CVE-2024-6119: Fixed denial of service in X.509 name checks (bsc#1229465) Other fixes: - FIPS: Deny SHA-1 signature verification in FIPS provider (bsc#1221365). - FIPS: RSA keygen PCT requirements. - FIPS: Check that the fips provider is available before setting it as the default provider in FIPS mode (bsc#1220523). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: Block non-Approved Elliptic Curves (bsc#1221786). - FIPS: Service Level Indicator (bsc#1221365). - FIPS: Output the FIPS-validation name and module version which uniquely identify the FIPS validated module (bsc#1221751). - FIPS: Add required selftests: (bsc#1221760). - FIPS: DH: Disable FIPS 186-4 Domain Parameters (bsc#1221821). - FIPS: Recommendation for Password-Based Key Derivation (bsc#1221827). - FIPS: Zero initialization required (bsc#1221752). - FIPS: Reseed DRBG (bsc#1220690, bsc#1220693, bsc#1220696). - FIPS: NIST SP 800-56Brev2 (bsc#1221824). - FIPS: Approved Modulus Sizes for RSA Digital Signature for FIPS 186-4 (bsc#1221787). - FIPS: Port openssl to use jitterentropy (bsc#1220523). - FIPS: NIST SP 800-56Arev3 (bsc#1221822). - FIPS: Error state has to be enforced (bsc#1221753).	CVE-2024-6119 SU-20243106-1 SUSE Bug#1220523 SUSE Bug#1220690 SUSE Bug#1220693 SUSE Bug#1220696 SUSE Bug#1221365 SUSE Bug#1221751 SUSE Bug#1221752 SUSE Bug#1221753 SUSE Bug#1221760 SUSE Bug#1221786 SUSE Bug#1221787 SUSE Bug#1221821 SUSE Bug#1221822 SUSE Bug#1221824 SUSE Bug#1221827 SUSE Bug#1229465 SUSE Mailing List [sle-updates] 2024-September#036766 SUSE Security Rating