Vulnerability Scan Report for registry.suse.com/bci/bci-init:15.3.9.13
Systemd environment for containers based on the SLE Base Container Image. This container is only supported with podman.
Last scanned on: September 24, 2024 15:22
Package Name | Severity | Status | Description | Reference links |
---|---|---|---|---|
udev | MEDIUM | fixed | Security update for systemd Vulnerability ID: SUSE-SU-2022:4630-1 Installed Version: 246.16-150300.7.39.1 Fixed Version: 246.16-150300.7.57.1 This update for systemd fixes the following issues: - CVE-2022-4415: Fixed systemd-coredump that did not respect the fs.suid_dumpable kernel setting (bsc#1205000). Bug fixes: - Support by-path devlink for multipath nvme block devices (bsc#1200723). - Set SYSTEMD_NSS_DYNAMIC_BYPASS=1 env var for dbus-daemon (bsc#1203857). - Restrict cpu rule to x86_64, and also update the rule files to make use of the 'CONST{arch}' syntax (bsc#1204423). | |
update-alternatives | LOW | fixed | Security update for dpkg Vulnerability ID: SUSE-SU-2022:4081-1 Installed Version: 1.19.0.4-2.48 Fixed Version: 1.19.0.4-150000.4.4.1 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944). | |
util-linux | HIGH | fixed | Security update for util-linux Vulnerability ID: SUSE-SU-2024:1170-1 Installed Version: 2.36.2-4.5.1 Fixed Version: 2.36.2-150300.4.41.1 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) | |
util-linux | MEDIUM | fixed | Security update for libeconf, shadow and util-linux Vulnerability ID: SUSE-SU-2022:0727-1 Installed Version: 2.36.2-4.5.1 Fixed Version: 2.36.2-150300.4.14.3 This security update for libeconf, shadow and util-linux fixes the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. octal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, a command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) | |
zypper | MEDIUM | fixed | Recommended update for libzypp, zypper, PackageKit Vulnerability ID: SUSE-RU-2024:1202-1 Installed Version: 1.14.51-24.1 Fixed Version: 1.14.69-150200.73.7 This update for libzypp, zypper, PackageKit fixes the following issues: - Fixup New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - CVE-2024-0217: Check that Finished signal is emitted at most once (bsc#1218544) - Add resolver option 'removeOrphaned' for distupgrade (bsc#1221525) - New VendorSupportOption flag VendorSupportSuperseded (jsc#OBS-301, jsc#PED-8014) - Add default stripe minimum - Don't expose std::optional where YAST/PK explicitly use c++11. - Digest: Avoid using the deprecated OPENSSL_config - version 17.32.0 - ProblemSolution::skipsPatchesOnly overload to handout the patches - Show active dry-run/download-only at the commit prompt - Add --skip-not-applicable-patches option - Fix printing detailed solver problem description - Fix bash-completion to work with right adjusted numbers in the 1st column too - Set libzypp shutdown request signal on Ctrl+C - In the detailed view show all baseurls not just the first one (bsc#1218171) | |