Vulnerability Scan Report for registry.suse.com/bci/openjdk-devel:17-16.42
OpenJDK 17 development container based on the SLE Base Container Image.
Last scanned on: December 01, 2024 21:01
Package Name | Severity | Status | Description | Reference links
---|---|---|---|---
apache-commons-lang3 | MEDIUM | fixed | Recommended update for mojo-parent Vulnerability ID: SUSE-RU-2024:3971-1 Installed Version: 3.12.0-150200.3.6.4 Fixed Version: 3.16.0-150200.3.9.2 This update for mojo-parent fixes the following issues: xalan-j2 was updated from version 2.7.2 to 2.7.3: - Security issues fixed: * CVE-2022-34169: Fixed integer truncation issue when processing malicious XSLT stylesheets (bsc#1201684) - Changes and Bugs fixed: * Java 8 is now the minimum requirement * Upgraded to Apache Commons BCEL 6.7.0 * Upgraded to Xerces-J 2.12.2 mojo-parent was updated from version 70 to 82: - Main changes: * Potentially Breaking Changes: + mojo.java.target should be set as '8', without '1.' + spotless plugin must be executed by JDK 11 at least + ossrh-snapshots repository was removed from parent * New features and improvements: + Removed SHA-512 checksum for source release artifact + Use only project version as tag for release + Added space before close empty elements in poms by spotless + Using Checkstyle together with Spotless + Introduce spotless for automatic code formatting + Introduce enforcer rule for minimal version of Java and Maven + Use new Plugin Tools report - maven-plugin-report-plugin + Added sisu-maven-plugin + Introduced maven.version property + Execute spotless by JDK 11 at least + Use release options for m-compiler-p with newer JDKs + Allow override of invoker.streamLogsOnFailures + Require Maven 3.9.x at least for releases + Added maven-wrapper-plugin to pluginManagement + Removed ossrh-snapshots repository from MojoHaus parent + Added build-helper-maven-plugin to pluginManagement + Require Maven 3.6.3+ + Updated palantirJavaFormat for spotless - JDK 21 compatible + Added dependencyManagement for maven-shade-plugin + Dropped recommendedJavaBuildVersion property + Format Markdown files with Spotless Plugin * Bugs fixed: + Restore source release distribution in child projects + Rename property maven.version to mavenVersion + minimalMavenBuildVersion should not be overridden by mavenVersion + Use simple checkstyle rules since spotless is executed by default + Use old spotless version only for JDK < 11 + Fixed spotless configuration for markdown - Other changes: * Removed Google search box due to privacy * Put version for mrm-maven-plugin in property * Added streamLogsOnFailures to m-invoker-p * Added property for maven-fluido-skin version * Setup Apache Matomo analytics * Require Maven 3.2.5 * Added SHA-512 hashes * Extract plugin version as variable so child pom can override if needed * Removed issue-tracking as no longer exists * Removed cim report as no longer exists bcel was updated from version 5.2 to 6.10: - Many APIs have been extended - Added riscv64 support - Various bugs were fixed apache-commons-lang3 was updated from version 3.12.0 to 3.16.0: - Included new APIs that are needed by bcel 6.x - Various minor bugs were fixed xerces-j2: - Improved RPM packaging build instructions netty3: - Generate sources with protobuf instead of using pre-generated ones | |
ca-certificates-mozilla | UNKNOWN | fixed | Security update for ca-certificates-mozilla Vulnerability ID: SUSE-SU-2024:2869-1 Installed Version: 2.62-150200.30.1 Fixed Version: 2.68-150200.33.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 | |
container-suseconnect | MEDIUM | fixed | Security update for container-suseconnect Vulnerability ID: SUSE-SU-2024:3360-1 Installed Version: 2.4.0-150000.4.50.2 Fixed Version: 2.5.0-150000.4.55.1 This update for container-suseconnect rebuilds it against current go1.21.13.1. Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791 | |
curl | MEDIUM | fixed | Security update for curl Vulnerability ID: SUSE-SU-2024:1151-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.44.1 This update for curl fixes the following issues: - CVE-2024-2004: Fix the usage of disabled protocol logic. (bsc#1221665) - CVE-2024-2398: Fix HTTP/2 push headers memory-leak. (bsc#1221667) | |
curl | MEDIUM | fixed | Security update for curl Vulnerability ID: SUSE-SU-2024:3080-1 Installed Version: 8.0.1-150400.5.41.1 Fixed Version: 8.0.1-150400.5.47.1 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535) |