Vulnerability Scan Report for registry.suse.com/bci/openjdk-devel:17-13.10

OpenJDK 17 development container based on the SLE Base Container Image.

registry.suse.com/bci/openjdk-devel:17-13.10

Last scanned on: June 09, 2025 12:55

Package Name	Severity	Status	Description	Reference links
container-suseconnect	MEDIUM	fixed	Security update for container-suseconnect Vulnerability ID: SUSE-SU-2024:3360-1 Installed Version: 2.4.0-150000.4.46.1 Fixed Version: 2.5.0-150000.4.55.1 This update for container-suseconnect rebuilds it against current go1.21.13.1. Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791	CVE-2024-24789 CVE-2024-24790 CVE-2024-24791 SU-20243360-1 SUSE Bug#1225973 SUSE Bug#1225974 SUSE Bug#1227314 SUSE Mailing List [sle-security-updates] 2024-September#019493 SUSE Security Rating
cpio	MEDIUM	fixed	Security update for cpio Vulnerability ID: SUSE-SU-2024:0238-1 Installed Version: 2.13-150400.1.98 Fixed Version: 2.13-150400.3.3.1 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed a path traversal issue that could lead to an arbitrary file write during archive extraction (bsc#1218571).	CVE-2023-7207 SU-20240238-1 SUSE Bug#1218571 SUSE Mailing List [sle-security-updates] 2024-January#017765 SUSE Security Rating
cpio	LOW	fixed	Security update for cpio Vulnerability ID: SUSE-SU-2024:0305-1 Installed Version: 2.13-150400.1.98 Fixed Version: 2.13-150400.3.6.1 This update for cpio fixes the following issues: - Fixed cpio not extracting correctly when using --no-absolute-filenames option the security fix for CVE-2023-7207 (bsc#1218571, bsc#1219238)	CVE-2023-7207 SU-20240305-1 SUSE Bug#1218571 SUSE Bug#1219238 SUSE Mailing List [sle-security-updates] 2024-February#017842 SUSE Security Rating
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:1151-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.44.1 This update for curl fixes the following issues: - CVE-2024-2004: Fix the uUsage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667)	CVE-2024-2004 CVE-2024-2398 SU-20241151-1 SUSE Bug#1221665 SUSE Bug#1221667 SUSE Mailing List [sle-updates] 2024-April#034871 SUSE Security Rating
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3080-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.47.1 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)	CVE-2024-7264 SU-20243080-1 SUSE Bug#1228535 SUSE Mailing List [sle-updates] 2024-September#036722 SUSE Security Rating