Vulnerability Scan Report for registry.suse.com/bci/php:8-11.3
PHP 8 container based on the SLE Base Container Image.
Last scanned on: October 02, 2024 22:00
PHP 8 container based on the SLE Base Container Image.
Last scanned on: October 02, 2024 22:00
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
libgnutls30 | MEDIUM | fixed |
Security update for gnutls Vulnerability ID: SUSE-SU-2024:1271-1 Installed Version: 3.7.3-150400.4.38.1 Fixed Version: 3.7.3-150400.4.44.1 This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) |
||
libgnutls30-hmac | MEDIUM | fixed |
Security update for gnutls Vulnerability ID: SUSE-SU-2024:0638-1 Installed Version: 3.7.3-150400.4.38.1 Fixed Version: 3.7.3-150400.4.41.3 This update for gnutls fixes the following issues: - CVE-2024-0567: Fixed an incorrect rejection of certificate chains with distributed trust (bsc#1218862). - CVE-2024-0553: Fixed a timing attack against the RSA-PSK key exchange, which could lead to the leakage of sensitive data (bsc#1218865). |
||
libgnutls30-hmac | MEDIUM | fixed |
Security update for gnutls Vulnerability ID: SUSE-SU-2024:1271-1 Installed Version: 3.7.3-150400.4.38.1 Fixed Version: 3.7.3-150400.4.44.1 This update for gnutls fixes the following issues: - CVE-2024-28834: Fixed side-channel in the deterministic ECDSA (bsc#1221746) - CVE-2024-28835: Fixed denial of service during certificate chain verification (bsc#1221747) Other fixes: - jitterentropy: Release the memory of the entropy collector when using jitterentropy with phtreads as there is also a pre-intitization done in the main thread (bsc#1221242) |
||
libmount1 | HIGH | fixed |
Security update for util-linux Vulnerability ID: SUSE-SU-2024:1172-1 Installed Version: 2.37.4-150500.7.16 Fixed Version: 2.37.4-150500.9.6.1 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) |
||
libncurses6 | LOW | fixed |
Security update for ncurses Vulnerability ID: SUSE-SU-2024:1133-1 Installed Version: 6.1-150000.5.20.1 Fixed Version: 6.1-150000.5.24.1 This update for ncurses fixes the following issues: - CVE-2023-45918: Fixed NULL pointer dereference via corrupted xterm-256color file (bsc#1220061). |