Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-2.59
Go 1.20-openssl development container based on the SLE Base Container Image.
Last scanned on: November 03, 2024 02:11
Go 1.20-openssl development container based on the SLE Base Container Image.
Last scanned on: November 03, 2024 02:11
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
ncurses-utils | MEDIUM | fixed |
Security update for ncurses Vulnerability ID: SUSE-SU-2023:4891-1 Installed Version: 6.1-150000.5.15.1 Fixed Version: 6.1-150000.5.20.1 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) |
||
openssh-clients | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2023:2945-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.22.1 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] |
||
openssh-clients | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2023:4902-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.27.1 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump |
||
openssh-clients | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2024:0596-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.30.1 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) |
||
openssh-common | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2023:2945-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.22.1 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] |