Vulnerability Scan Report for registry.suse.com/bci/bci-init:15.4.29.50

Systemd environment for containers based on the SLE Base Container Image. This container is only supported with podman.

registry.suse.com/bci/bci-init:15.4.29.50

Last scanned on: May 19, 2025 06:51

Package Name	Severity	Status	Description	Reference links
krb5	HIGH	fixed	Security update for krb5 Vulnerability ID: SUSE-SU-2024:1006-1 Installed Version: 1.19.2-150400.3.6.1 Fixed Version: 1.19.2-150400.3.9.1 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771).	CVE-2024-26458 CVE-2024-26461 SU-20241006-1 SUSE Bug#1220770 SUSE Bug#1220771 SUSE Mailing List [sle-security-updates] 2024-March#018224 SUSE Security Rating
krb5	HIGH	fixed	Security update for krb5 Vulnerability ID: SUSE-SU-2024:2322-1 Installed Version: 1.19.2-150400.3.6.1 Fixed Version: 1.19.2-150400.3.12.1 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).	CVE-2024-37370 CVE-2024-37371 SU-20242322-1 SUSE Bug#1227186 SUSE Bug#1227187 SUSE Mailing List [sle-updates] 2024-July#035853 SUSE Security Rating
libapparmor1	MEDIUM	fixed	Security update for apparmor Vulnerability ID: SUSE-SU-2025:1549-1 Installed Version: 3.0.4-150400.5.6.1 Fixed Version: 3.0.4-150400.5.18.1 This update for apparmor fixes the following issues: - Add dac_read_search capability for unix_chkpwd to allow it to read the shadow file even if it has 000 permissions. This is needed after the CVE-2024-10041 fix in PAM. (bsc#1241678)	CVE-2024-10041 SU-20251549-1 SUSE Bug#1241678 SUSE Mailing List [sle-updates] 2025-May#039212 SUSE Security Rating
libapparmor1	UNKNOWN	fixed	Security update for apparmor Vulnerability ID: SUSE-SU-2025:1193-1 Installed Version: 3.0.4-150400.5.6.1 Fixed Version: 3.0.4-150400.5.12.2 This update for apparmor fixes the following issue: - Allow dovecot-auth to execute unix check password from /sbin, not only from /usr/bin (bsc#1234452).	SU-20251193-1 SUSE Bug#1234452 SUSE Mailing List [sle-updates] 2025-April#038955 SUSE Security Rating
libblkid1	HIGH	fixed	Security update for util-linux Vulnerability ID: SUSE-SU-2024:1169-1 Installed Version: 2.37.2-150400.8.20.1 Fixed Version: 2.37.2-150400.8.29.1 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)	CVE-2024-28085 SU-20241169-1 SUSE Bug#1207987 SUSE Bug#1220117 SUSE Bug#1221831 SUSE Mailing List [sle-updates] 2024-April#034905 SUSE Security Rating