Vulnerability Scan Report for registry.suse.com/bci/bci-init:15.5.14.21

Systemd environment for containers based on the SLE Base Container Image. This container is only supported with podman.

registry.suse.com/bci/bci-init:15.5.14.21

Last scanned on: June 14, 2025 22:13

Package Name	Severity	Status	Description	Reference links
libudev1	MEDIUM	fixed	Security update for systemd Vulnerability ID: SUSE-SU-2024:3149-1 Installed Version: 249.17-150400.8.40.1 Fixed Version: 249.17-150400.8.43.1 This update for systemd fixes the following issues: - CVE-2023-7008: Fixed man-in-the-middle due to unsigned name response in signed zone not refused when DNSSEC=yes (bsc#1218297) Other fixes: - Unit: drop ProtectClock=yes from systemd-udevd.service (bsc#1226414) - Don't mention any rpm macros inside comments, even if escaped (bsc#1228091) - Skip redundant dependencies specified the LSB description that references the file name of the service itself for early boot scripts (bsc#1221479).	CVE-2023-7008 SU-20243149-1 SUSE Bug#1218297 SUSE Bug#1221479 SUSE Bug#1226414 SUSE Bug#1228091 SUSE Mailing List [sle-security-updates] 2024-September#019374 SUSE Security Rating
libuuid1	HIGH	fixed	Security update for util-linux Vulnerability ID: SUSE-SU-2024:1172-1 Installed Version: 2.37.4-150500.9.3.1 Fixed Version: 2.37.4-150500.9.6.1 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)	CVE-2024-28085 SU-20241172-1 SUSE Bug#1207987 SUSE Bug#1221831 SUSE Mailing List [sle-updates] 2024-April#034902 SUSE Security Rating
libxml2-2	HIGH	fixed	Security update for libxml2 Vulnerability ID: SUSE-SU-2025:0348-1 Installed Version: 2.10.3-150500.5.14.1 Fixed Version: 2.10.3-150500.5.20.1 This update for libxml2 fixes the following issues: - CVE-2022-49043: Fixed a use-after-free in xmlXIncludeAddNode. (bsc#1236460)	CVE-2022-49043 SU-20250348-1 SUSE Bug#1236460 SUSE Mailing List [sle-security-updates] 2025-February#020269 SUSE Security Rating
libxml2-2	HIGH	fixed	Security update for libxml2 Vulnerability ID: SUSE-SU-2025:0746-1 Installed Version: 2.10.3-150500.5.14.1 Fixed Version: 2.10.3-150500.5.23.1 This update for libxml2 fixes the following issues: - CVE-2024-56171: use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c (bsc#1237363). - CVE-2025-24928: stack-based buffer overflow in xmlSnprintfElements in valid.c (bsc#1237370). - CVE-2025-27113: NULL pointer dereference in xmlPatMatch in pattern.c (bsc#1237418).	CVE-2024-56171 CVE-2025-24928 CVE-2025-27113 SU-20250746-1 SUSE Bug#1237363 SUSE Bug#1237370 SUSE Bug#1237418 SUSE Mailing List [sle-security-updates] 2025-February#020469 SUSE Security Rating
libxml2-2	LOW	fixed	Security update for libxml2 Vulnerability ID: SUSE-SU-2024:2290-1 Installed Version: 2.10.3-150500.5.14.1 Fixed Version: 2.10.3-150500.5.17.1 This update for libxml2 fixes the following issues: - CVE-2024-34459: Fixed buffer over-read in xmlHTMLPrintFileContext in xmllint.c (bsc#1224282).	CVE-2024-34459 SU-20242290-1 SUSE Bug#1224282 SUSE Mailing List [sle-updates] 2024-July#035812 SUSE Security Rating