Vulnerability Scan Report for registry.suse.com/bci/php-fpm:8-31.6
PHP-FPM 8 container based on the SLE Base Container Image.
Last scanned on: September 11, 2024 18:32
PHP-FPM 8 container based on the SLE Base Container Image.
Last scanned on: September 11, 2024 18:32
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
ca-certificates-mozilla | UNKNOWN | fixed |
Security update for ca-certificates-mozilla Vulnerability ID: SUSE-SU-2024:2869-1 Installed Version: 2.62-150200.30.1 Fixed Version: 2.68-150200.33.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 |
||
curl | HIGH | fixed |
Security update for curl Vulnerability ID: SUSE-SU-2024:2784-1 Installed Version: 8.6.0-150600.2.2 Fixed Version: 8.6.0-150600.4.3.1 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) |
||
libcurl4 | HIGH | fixed |
Security update for curl Vulnerability ID: SUSE-SU-2024:2784-1 Installed Version: 8.6.0-150600.2.2 Fixed Version: 8.6.0-150600.4.3.1 This update for curl fixes the following issues: - CVE-2024-7264: Fixed ASN.1 date parser overread (bsc#1228535) - CVE-2024-6197: Fixed freeing stack buffer in utf8asn1str (bsc#1227888) |
||
libonig4 | MEDIUM | fixed |
Security update for oniguruma Vulnerability ID: SUSE-SU-2024:2401-1 Installed Version: 6.7.0-150000.3.3.1 Fixed Version: 6.7.0-150000.3.6.1 This update for oniguruma fixes the following issues: - CVE-2019-13225: Fixed null-pointer dereference in match_at() in regexec.c (bsc#1141157). |
||
libopenssl-3-fips-provider | HIGH | fixed |
Security update for openssl-3 Vulnerability ID: SUSE-SU-2024:2635-1 Installed Version: 3.1.4-150600.5.7.1 Fixed Version: 3.1.4-150600.5.10.1 This update for openssl-3 fixes the following issues: Security fixes: - CVE-2024-5535: Fixed SSL_select_next_proto buffer overread (bsc#1227138) Other fixes: - Build with no-afalgeng (bsc#1226463) - Build with enabled sm2 and sm4 support (bsc#1222899) - Fix non-reproducibility issue (bsc#1223336) |