Vulnerability Scan Report for registry.suse.com/bci/golang:1.23.4

Go 1.23 development container based on the SLE Base Container Image.

registry.suse.com/bci/golang:1.23.4

Last scanned on: July 06, 2025 23:41

Package Name	Severity	Status	Description	Reference links
crypto-policies	MEDIUM	fixed	Security update for crypto-policies, krb5 Vulnerability ID: SUSE-SU-2025:0401-1 Installed Version: 20230920.570ea89-150600.1.9 Fixed Version: 20230920.570ea89-150600.3.3.1 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.	CVE-2025-24528 SU-20250401-1 SUSE Bug#1236619 SUSE Mailing List [sle-security-updates] 2025-February#020299 SUSE Security Rating
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2025:0369-1 Installed Version: 8.6.0-150600.4.18.1 Fixed Version: 8.6.0-150600.4.21.1 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)	CVE-2025-0167 CVE-2025-0725 SU-20250369-1 SUSE Bug#1236588 SUSE Bug#1236590 SUSE Mailing List [sle-security-updates] 2025-February#020278 SUSE Security Rating
glibc	HIGH	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2025:01702-1 Installed Version: 2.38-150600.14.20.3 Fixed Version: 2.38-150600.14.32.1 This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).	CVE-2025-4802 SU-202501702-1 SUSE Bug#1243317 SUSE Mailing List [sle-updates] 2025-May#039341 SUSE Security Rating
glibc	LOW	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2025:0582-1 Installed Version: 2.38-150600.14.20.3 Fixed Version: 2.38-150600.14.23.1 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)	CVE-2025-0395 SU-20250582-1 SUSE Bug#1236282 SUSE Mailing List [sle-security-updates] 2025-February#020365 SUSE Security Rating
glibc-devel	HIGH	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2025:01702-1 Installed Version: 2.38-150600.14.20.3 Fixed Version: 2.38-150600.14.32.1 This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).	CVE-2025-4802 SU-202501702-1 SUSE Bug#1243317 SUSE Mailing List [sle-updates] 2025-May#039341 SUSE Security Rating

Package Name

Severity

Status

Description

Reference links

crypto-policies

MEDIUM

fixed

Security update for crypto-policies, krb5

Vulnerability ID: SUSE-SU-2025:0401-1

Installed Version: 20230920.570ea89-150600.1.9

Fixed Version: 20230920.570ea89-150600.3.3.1

This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.

curl

MEDIUM

fixed

Security update for curl

Vulnerability ID: SUSE-SU-2025:0369-1

Installed Version: 8.6.0-150600.4.18.1

Fixed Version: 8.6.0-150600.4.21.1

This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)

glibc

HIGH

fixed

Security update for glibc

Vulnerability ID: SUSE-SU-2025:01702-1

Installed Version: 2.38-150600.14.20.3

Fixed Version: 2.38-150600.14.32.1

This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317).

glibc

LOW

fixed

Security update for glibc

Vulnerability ID: SUSE-SU-2025:0582-1

Installed Version: 2.38-150600.14.20.3

Fixed Version: 2.38-150600.14.23.1

This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)

glibc-devel

HIGH

fixed

Security update for glibc

Vulnerability ID: SUSE-SU-2025:01702-1

Installed Version: 2.38-150600.14.20.3

Fixed Version: 2.38-150600.14.32.1