Vulnerability Scan Report for registry.suse.com/bci/openjdk-devel:17-28.3
OpenJDK 17 development container based on the SLE Base Container Image.
registry.suse.com/bci/openjdk-devel:17-28.3
Last scanned on: July 07, 2025 19:03
OpenJDK 17 development container based on the SLE Base Container Image.
Last scanned on: July 07, 2025 19:03
| Package Name | Severity | Status | Description | Reference links | |
|---|---|---|---|---|---|
| libtasn1 | HIGH | fixed |
Security update for libtasn1 Vulnerability ID: SUSE-SU-2025:0548-1 Installed Version: 4.13-150000.4.8.1 Fixed Version: 4.13-150000.4.11.1 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) |
||
| libtasn1-6 | HIGH | fixed |
Security update for libtasn1 Vulnerability ID: SUSE-SU-2025:0548-1 Installed Version: 4.13-150000.4.8.1 Fixed Version: 4.13-150000.4.11.1 This update for libtasn1 fixes the following issues: - CVE-2024-12133: the processing of input DER data containing a large number of SEQUENCE OF or SET OF elements takes quadratic time to complete. (bsc#1236878) |
||
| libudev1 | MEDIUM | fixed |
Security update for systemd Vulnerability ID: SUSE-SU-2024:3149-1 Installed Version: 249.17-150400.8.40.1 Fixed Version: 249.17-150400.8.43.1 This update for systemd fixes the following issues: - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297) Other fixes: - Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) - Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479). |
||
| libxml2-2 | HIGH | fixed |
Security update for libxml2 Vulnerability ID: SUSE-SU-2025:0348-1 Installed Version: 2.10.3-150500.5.17.1 Fixed Version: 2.10.3-150500.5.20.1 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460) |
||
| libxml2-2 | HIGH | fixed |
Security update for libxml2 Vulnerability ID: SUSE-SU-2025:0746-1 Installed Version: 2.10.3-150500.5.17.1 Fixed Version: 2.10.3-150500.5.23.1 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418). |
||