Vulnerability Scan Report for registry.suse.com/bci/openjdk-devel:17-11.8

OpenJDK 17 development container based on the SLE Base Container Image.

registry.suse.com/bci/openjdk-devel:17-11.8

Last scanned on: April 18, 2025 16:41

Package Name	Severity	Status	Description	Reference links
curl	HIGH	fixed	Security update for curl Vulnerability ID: SUSE-SU-2022:4597-1 Installed Version: 7.79.1-150400.5.9.1 Fixed Version: 7.79.1-150400.5.12.1 This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free (bsc#1206309). - CVE-2022-43551: Fixed HSTS bypass via IDN (bsc#1206308).	CVE-2022-43551 CVE-2022-43552 SU-20224597-1 SUSE Bug#1206308 SUSE Bug#1206309 SUSE Mailing List [sle-security-updates] 2022-December#013302 SUSE Security Rating
curl	HIGH	fixed	Security update for curl Vulnerability ID: SUSE-SU-2023:0429-1 Installed Version: 7.79.1-150400.5.9.1 Fixed Version: 7.79.1-150400.5.15.1 This update for curl fixes the following issues: - CVE-2023-23914: Fixed HSTS ignored on multiple requests (bsc#1207990). - CVE-2023-23915: Fixed HSTS amnesia with --parallel (bsc#1207991). - CVE-2023-23916: Fixed HTTP multi-header compression denial of service (bsc#1207992).	CVE-2023-23914 CVE-2023-23915 CVE-2023-23916 SU-20230429-1 SUSE Bug#1207990 SUSE Bug#1207991 SUSE Bug#1207992 SUSE Mailing List [sle-security-updates] 2023-February#013777 SUSE Security Rating
curl	HIGH	fixed	Security update for curl Vulnerability ID: SUSE-SU-2023:2224-1 Installed Version: 7.79.1-150400.5.9.1 Fixed Version: 8.0.1-150400.5.23.1 This update for curl adds the following feature: Update to version 8.0.1 (jsc#PED-2580) - CVE-2023-28319: use-after-free in SSH sha256 fingerprint check (bsc#1211230). - CVE-2023-28320: siglongjmp race condition (bsc#1211231). - CVE-2023-28321: IDN wildcard matching (bsc#1211232). - CVE-2023-28322: POST-after-PUT confusion (bsc#1211233).	CVE-2023-28319 CVE-2023-28320 CVE-2023-28321 CVE-2023-28322 SU-20232224-1 SUSE Bug#1211230 SUSE Bug#1211231 SUSE Bug#1211232 SUSE Bug#1211233 SUSE Mailing List [sle-security-updates] 2023-May#014913 SUSE Security Rating
curl	HIGH	fixed	Security update for curl Vulnerability ID: SUSE-SU-2023:3823-1 Installed Version: 7.79.1-150400.5.9.1 Fixed Version: 8.0.1-150400.5.29.1 This update for curl fixes the following issues: - CVE-2023-38039: Fixed possible DoS when receiving too large HTTP header. (bsc#1215026)	CVE-2023-38039 SU-20233823-1 SUSE Bug#1215026 SUSE Mailing List [sle-updates] 2023-September#031742 SUSE Security Rating
curl	HIGH	fixed	Security update for curl Vulnerability ID: SUSE-SU-2023:4044-1 Installed Version: 7.79.1-150400.5.9.1 Fixed Version: 8.0.1-150400.5.32.1 This update for curl fixes the following issues: - CVE-2023-38545: Fixed a heap buffer overflow in SOCKS5. (bsc#1215888) - CVE-2023-38546: Fixed a cookie injection with none file. (bsc#1215889)	CVE-2023-38545 CVE-2023-38546 SU-20234044-1 SUSE Bug#1215888 SUSE Bug#1215889 SUSE Mailing List [sle-updates] 2023-October#032069 SUSE Security Rating