Vulnerability Scan Report for registry.suse.com/bci/php-fpm:8.2.20-38.1
PHP-FPM 8 container based on the SLE Base Container Image.
Last scanned on: December 10, 2024 05:31
PHP-FPM 8 container based on the SLE Base Container Image.
Last scanned on: December 10, 2024 05:31
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
container-suseconnect | MEDIUM | fixed |
Security update for container-suseconnect Vulnerability ID: SUSE-SU-2024:3360-1 Installed Version: 2.5.0-150000.4.53.2 Fixed Version: 2.5.0-150000.4.55.1 This update for container-suseconnect rebuilds it against current go1.21.13.1. Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791 |
||
curl | MEDIUM | fixed |
Security update for curl Vulnerability ID: SUSE-SU-2024:3925-1 Installed Version: 8.6.0-150600.4.6.1 Fixed Version: 8.6.0-150600.4.12.1 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) |
||
libcurl4 | MEDIUM | fixed |
Security update for curl Vulnerability ID: SUSE-SU-2024:3925-1 Installed Version: 8.6.0-150600.4.6.1 Fixed Version: 8.6.0-150600.4.12.1 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528) |
||
libglib-2_0-0 | HIGH | fixed |
Security update for glib2 Vulnerability ID: SUSE-SU-2024:4254-1 Installed Version: 2.78.6-150600.4.3.1 Fixed Version: 2.78.6-150600.4.8.1 This update for glib2 fixes the following issues: Security issues fixed: - CVE-2024-52533: Fix a single byte buffer overflow in set_connect_msg() (bsc#1233282). Non-security issue fixed: - Fix error when uninstalling packages (bsc#1231463). |
||
libopenssl-3-fips-provider | HIGH | fixed |
Security update for openssl-3 Vulnerability ID: SUSE-SU-2024:3501-1 Installed Version: 3.1.4-150600.5.15.1 Fixed Version: 3.1.4-150600.5.18.1 This update for openssl-3 fixes the following issues: - CVE-2024-41996: Validating the order of the public keys in the Diffie-Hellman Key Agreement Protocol, when an approved safe prime is used, allows remote attackers to trigger expensive server-side DHE (bsc#1230698) |