Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-2.10
Go 1.20-openssl development container based on the SLE Base Container Image.
Last scanned on: November 03, 2024 15:53
Go 1.20-openssl development container based on the SLE Base Container Image.
Last scanned on: November 03, 2024 15:53
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
cpio | LOW | fixed |
Security update for cpio Vulnerability ID: SUSE-SU-2024:0305-2 Installed Version: 2.13-150400.1.98 Fixed Version: 2.13-150400.3.6.1 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238) |
||
cpp7 | HIGH | fixed |
Security update for gcc7 Vulnerability ID: SUSE-SU-2023:3686-1 Installed Version: 7.5.0+r278197-4.30.1 Fixed Version: 7.5.0+r278197-150000.4.35.1 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861] |
||
curl | HIGH | fixed |
Security update for curl Vulnerability ID: SUSE-SU-2023:2224-1 Installed Version: 7.79.1-150400.5.18.1 Fixed Version: 8.0.1-150400.5.23.1 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233). |
||
curl | HIGH | fixed |
Security update for curl Vulnerability ID: SUSE-SU-2023:3823-1 Installed Version: 7.79.1-150400.5.18.1 Fixed Version: 8.0.1-150400.5.29.1 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026) |
||
curl | HIGH | fixed |
Security update for curl Vulnerability ID: SUSE-SU-2023:4044-1 Installed Version: 7.79.1-150400.5.18.1 Fixed Version: 8.0.1-150400.5.32.1 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889) |