Vulnerability Scan Report for registry.suse.com/bci/bci-init:15.4.29.48

Systemd environment for containers based on the SLE Base Container Image. This container is only supported with podman.

registry.suse.com/bci/bci-init:15.4.29.48

Last scanned on: May 14, 2025 16:36

Package Name	Severity	Status	Description	Reference links
libcurl4	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3080-2 Installed Version: 8.0.1-150400.5.26.1 Fixed Version: 8.0.1-150400.5.47.1 This update for curl fixes the following issues: - CVE-2024-7264: Fixed out-of-bounds read in ASN.1 date parser GTime2str() (bsc#1228535)	CVE-2024-7264 SU-20243080-2 SUSE Bug#1228535 SUSE Mailing List [sle-security-updates] 2024-September#019434 SUSE Security Rating
libcurl4	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2024:3926-1 Installed Version: 8.0.1-150400.5.26.1 Fixed Version: 8.0.1-150400.5.56.1 This update for curl fixes the following issues: - CVE-2024-9681: Fixed HSTS subdomain overwrites parent cache entry (bsc#1232528)	CVE-2024-9681 SU-20243926-1 SUSE Bug#1232528 SUSE Mailing List [sle-security-updates] 2024-November#019778 SUSE Security Rating
libcurl4	MEDIUM	fixed	Security update for curl Vulnerability ID: SUSE-SU-2025:0370-1 Installed Version: 8.0.1-150400.5.26.1 Fixed Version: 8.0.1-150400.5.62.1 This update for curl fixes the following issues: - CVE-2025-0725: Fixed gzip integer overflow (bsc#1236590) - CVE-2025-0167: Fixed netrc and default credential leak (bsc#1236588)	CVE-2025-0167 CVE-2025-0725 SU-20250370-1 SUSE Bug#1236588 SUSE Bug#1236590 SUSE Security Rating Reference #1
libeconf0	HIGH	fixed	Security update for libeconf Vulnerability ID: SUSE-SU-2023:3954-1 Installed Version: 0.4.6+git20220427.3016f4e-150400.3.3.1 Fixed Version: 0.5.2-150400.3.6.1 This update for libeconf fixes the following issues: Update to version 0.5.2. - CVE-2023-30078, CVE-2023-32181: Fixed a stack-buffer-overflow vulnerability in 'econf_writeFile' function (bsc#1211078). - CVE-2023-30079, CVE-2023-22652: Fixed a stack-buffer-overflow vulnerability in 'read_file' function. (bsc#1211078)	CVE-2023-22652 CVE-2023-30078 CVE-2023-30079 CVE-2023-32181 SU-20233954-1 SUSE Bug#1211078 SUSE Mailing List [sle-security-updates] 2023-October#016487 SUSE Security Rating
libexpat1	HIGH	fixed	Security update for expat Vulnerability ID: SUSE-SU-2024:1129-1 Installed Version: 2.4.4-150400.3.12.1 Fixed Version: 2.4.4-150400.3.17.1 This update for expat fixes the following issues: - CVE-2023-52425: Fixed a DoS caused by processing large tokens. (bsc#1219559) - CVE-2024-28757: Fixed an XML Entity Expansion. (bsc#1221289)	CVE-2023-52425 CVE-2024-28757 SU-20241129-1 SUSE Bug#1219559 SUSE Bug#1221289 SUSE Mailing List [sle-security-updates] 2024-April#018262 SUSE Security Rating