Vulnerability Scan Report for registry.suse.com/bci/nodejs:20-31.11

Node.js 20 development container based on the SLE Base Container Image.

registry.suse.com/bci/nodejs:20-31.11

Last scanned on: May 16, 2025 07:13

Package Name	Severity	Status	Description	Reference links
krb5	MEDIUM	fixed	Security update for crypto-policies, krb5 Vulnerability ID: SUSE-SU-2025:0401-1 Installed Version: 1.20.1-150600.11.3.1 Fixed Version: 1.20.1-150600.11.8.1 This update for crypto-policies and krb5 fixes the following issues: Security issue fixed: - CVE-2025-24528: Fixed out-of-bounds write caused by overflow when calculating ulog block size can lead to process crash (bsc#1236619). Feature addition: - Add crypto-policies support; (jsc#PED-12018) * The default krb5.conf has been updated to include config snippets in the krb5.conf.d directory, where crypto-policies drops its. - Allow to use KRB5KDF in FIPS mode; (jsc#PED-12018); * This key derivation function is used by AES256-CTS-HMAC-SHA1-96 and AES128-CTS-HMAC-SHA1-96 encryption types, used by Active directory. If these encryption types are allowed or not in FIPS mode is enforced now by the FIPS:AD-SUPPORT subpolicy.	CVE-2025-24528 SU-20250401-1 SUSE Bug#1236619 SUSE Mailing List [sle-security-updates] 2025-February#020299 SUSE Security Rating
libaugeas0	LOW	fixed	Security update for augeas Vulnerability ID: SUSE-SU-2025:1534-1 Installed Version: 1.14.1-150600.1.3 Fixed Version: 1.14.1-150600.3.3.1 This update for augeas fixes the following issues: - CVE-2025-2588: Check for NULL pointers when calling re_case_expand in function fa_expand_nocase. (bsc#1239909)	CVE-2025-2588 SU-20251534-1 SUSE Bug#1239909 SUSE Mailing List [sle-security-updates] 2025-May#020822 SUSE Security Rating
libcurl4	HIGH	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:2784-1 Installed Version: 8.6.0-150600.2.2 Fixed Version: 8.6.0-150600.4.3.1 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888)	CVE-2024-6197 CVE-2024-7264 SU-20242784-1 SUSE Bug#1227888 SUSE Bug#1228535 SUSE Mailing List [sle-updates] 2024-August#036337 SUSE Security Rating
libcurl4	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3204-1 Installed Version: 8.6.0-150600.2.2 Fixed Version: 8.6.0-150600.4.6.1 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)	CVE-2024-8096 SU-20243204-1 SUSE Bug#1230093 SUSE Mailing List [sle-security-updates] 2024-September#019412 SUSE Security Rating
libcurl4	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3925-1 Installed Version: 8.6.0-150600.2.2 Fixed Version: 8.6.0-150600.4.12.1 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)	CVE-2024-9681 SU-20243925-1 SUSE Bug#1232528 SUSE Mailing List [sle-security-updates] 2024-November#019779 SUSE Security Rating