Vulnerability Scan Report for registry.suse.com/bci/bci-init:15.4.24.42
Systemd environment for containers based on the SLE Base Container Image. This container is only supported with podman.
Last scanned on: October 06, 2024 13:30
Systemd environment for containers based on the SLE Base Container Image. This container is only supported with podman.
Last scanned on: October 06, 2024 13:30
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
ca-certificates-mozilla | UNKNOWN | fixed |
Security update for ca-certificates-mozilla Vulnerability ID: SUSE-SU-2023:0037-1 Installed Version: 2.56-150200.24.1 Fixed Version: 2.60-150200.27.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.60 state of Mozilla SSL root CAs (bsc#1206622) Removed CAs: - Global Chambersign Root - EC-ACC - Network Solutions Certificate Authority - Staat der Nederlanden EV Root CA - SwissSign Platinum CA - G2 Added CAs: - DIGITALSIGN GLOBAL ROOT ECDSA CA - DIGITALSIGN GLOBAL ROOT RSA CA - Security Communication ECC RootCA1 - Security Communication RootCA3 Changed trust: - TrustCor certificates only trusted up to Nov 30 (bsc#1206212) - Removed CAs (bsc#1206212) as most code does not handle 'valid before nov 30 2022' and it is not clear how many certs were issued for SSL middleware by TrustCor: - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - TrustCor ECA-1 |
||
ca-certificates-mozilla | UNKNOWN | fixed |
Security update for ca-certificates-mozilla Vulnerability ID: SUSE-SU-2023:3454-1 Installed Version: 2.56-150200.24.1 Fixed Version: 2.62-150200.30.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1 |
||
ca-certificates-mozilla | UNKNOWN | fixed |
Security update for ca-certificates-mozilla Vulnerability ID: SUSE-SU-2024:2869-1 Installed Version: 2.56-150200.24.1 Fixed Version: 2.68-150200.33.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3 |
||
container-suseconnect | HIGH | fixed |
Security update for container-suseconnect Vulnerability ID: SUSE-SU-2023:0871-1 Installed Version: 2.3.0-150000.4.19.2 Fixed Version: 2.4.0-150000.4.24.1 This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134). |
||
container-suseconnect | MEDIUM | fixed |
Security update for container-suseconnect Vulnerability ID: SUSE-SU-2024:3360-1 Installed Version: 2.3.0-150000.4.19.2 Fixed Version: 2.5.0-150000.4.55.1 This update for container-suseconnect rebuilds it against current go1.21.13.1. Security issues fixed: CVE-2024-24789, CVE-2024-24790, CVE-2024-24791 |