Vulnerability Scan Report for registry.suse.com/bci/openjdk-devel:17-13.10

OpenJDK 17 development container based on the SLE Base Container Image.

registry.suse.com/bci/openjdk-devel:17-13.10

Last scanned on: June 09, 2025 12:55

Package Name	Severity	Status	Description	Reference links
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3211-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.50.1 This update for curl fixes the following issues: - CVE-2024-8096: OCSP stapling bypass with GnuTLS. (bsc#1230093)	CVE-2024-8096 SU-20243211-1 SUSE Bug#1230093 SUSE Mailing List [sle-updates] 2024-September#036855 SUSE Security Rating
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3926-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.56.1 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)	CVE-2024-9681 SU-20243926-1 SUSE Bug#1232528 SUSE Mailing List [sle-security-updates] 2024-November#019778 SUSE Security Rating
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:4359-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.59.1 This update for curl fixes the following issues: - CVE-2024-11053: Fixed password leak in curl used for the first host to the followed-to host under certain circumstances (bsc#1234068)	CVE-2024-11053 SU-20244359-1 SUSE Bug#1234068 SUSE Mailing List [sle-security-updates] 2024-December#020021 SUSE Security Rating
curl	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2025:0370-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.62.1 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)	CVE-2025-0167 CVE-2025-0725 SU-20250370-1 SUSE Bug#1236588 SUSE Bug#1236590 SUSE Security Rating Reference #1
git-core	HIGH	fixed	Security update for git Vulnerability ID: SUSE-SU-2024:1807-1 Installed Version: 2.35.3-150300.10.33.1 Fixed Version: 2.35.3-150300.10.39.1 This update for git fixes the following issues: - CVE-2024-32002: Fixed recursive clones on case-insensitive filesystems that support symbolic links are susceptible to case confusion (bsc#1224168). - CVE-2024-32004: Fixed arbitrary code execution during local clones (bsc#1224170). - CVE-2024-32020: Fixed file overwriting vulnerability during local clones (bsc#1224171). - CVE-2024-32021: Fixed git may create hardlinks to arbitrary user-readable files (bsc#1224172). - CVE-2024-32465: Fixed arbitrary code execution during clone operations (bsc#1224173).	CVE-2024-32002 CVE-2024-32004 CVE-2024-32020 CVE-2024-32021 CVE-2024-32465 SU-20241807-1 SUSE Bug#1224168 SUSE Bug#1224170 SUSE Bug#1224171 SUSE Bug#1224172 SUSE Bug#1224173 SUSE Mailing List [sle-updates] 2024-May#035389 SUSE Security Rating