Vulnerability Scan Report for registry.suse.com/bci/bci-micro:15.3

A micro environment for containers based on the SLE Base Container Image.

registry.suse.com/bci/bci-micro:15.3

Last scanned on: June 18, 2025 00:11

Package Name	Severity	Status	Description	Reference links
ca-certificates-mozilla-prebuilt	UNKNOWN	fixed	Security update for ca-certificates-mozilla Vulnerability ID: SUSE-SU-2023:3454-1 Installed Version: 2.60-150200.27.1 Fixed Version: 2.62-150200.30.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1	SU-20233454-1 SUSE Bug#1214248 SUSE Mailing List [sle-security-updates] 2023-August#016029 SUSE Security Rating
ca-certificates-mozilla-prebuilt	UNKNOWN	fixed	Security update for ca-certificates-mozilla Vulnerability ID: SUSE-SU-2024:2869-1 Installed Version: 2.60-150200.27.1 Fixed Version: 2.68-150200.33.1 This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3	SU-20242869-1 SUSE Bug#1220356 SUSE Bug#1227525 SUSE Mailing List [sle-security-updates] 2024-August#019164 SUSE Security Rating
glibc	HIGH	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2024:1375-1 Installed Version: 2.31-150300.41.1 Fixed Version: 2.31-150300.74.1 This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)	CVE-2024-2961 SU-20241375-1 SUSE Bug#1222992 SUSE Mailing List [sle-updates] 2024-April#035052 SUSE Security Rating
glibc	HIGH	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2024:1895-1 Installed Version: 2.31-150300.41.1 Fixed Version: 2.31-150300.83.1 This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940)	CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602 SU-20241895-1 SUSE Bug#1221940 SUSE Bug#1223423 SUSE Bug#1223424 SUSE Bug#1223425 SUSE Mailing List [sle-security-updates] 2024-June#018639 SUSE Security Rating
glibc	HIGH	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2025:01784-1 Installed Version: 2.31-150300.41.1 Fixed Version: 2.31-150300.95.1 This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128).	CVE-2025-4802 SU-202501784-1 SUSE Bug#1234128 SUSE Bug#1243317 SUSE Mailing List [sle-updates] 2025-May#039476 SUSE Security Rating

Package Name

Severity

Status

Description

Reference links

ca-certificates-mozilla-prebuilt

UNKNOWN

fixed

Security update for ca-certificates-mozilla

Vulnerability ID: SUSE-SU-2023:3454-1

Installed Version: 2.60-150200.27.1

Fixed Version: 2.62-150200.30.1

This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.62 state of Mozilla SSL root CAs (bsc#1214248) Added: - Atos TrustedRoot Root CA ECC G2 2020 - Atos TrustedRoot Root CA ECC TLS 2021 - Atos TrustedRoot Root CA RSA G2 2020 - Atos TrustedRoot Root CA RSA TLS 2021 - BJCA Global Root CA1 - BJCA Global Root CA2 - LAWtrust Root CA2 (4096) - Sectigo Public Email Protection Root E46 - Sectigo Public Email Protection Root R46 - Sectigo Public Server Authentication Root E46 - Sectigo Public Server Authentication Root R46 - SSL.com Client ECC Root CA 2022 - SSL.com Client RSA Root CA 2022 - SSL.com TLS ECC Root CA 2022 - SSL.com TLS RSA Root CA 2022 Removed CAs: - Chambers of Commerce Root - E-Tugra Certification Authority - E-Tugra Global Root CA ECC v3 - E-Tugra Global Root CA RSA v3 - Hongkong Post Root CA 1

ca-certificates-mozilla-prebuilt

UNKNOWN

fixed

Security update for ca-certificates-mozilla

Vulnerability ID: SUSE-SU-2024:2869-1

Installed Version: 2.60-150200.27.1

Fixed Version: 2.68-150200.33.1

This update for ca-certificates-mozilla fixes the following issues: - Updated to 2.68 state of Mozilla SSL root CAs (bsc#1227525) - Added: FIRMAPROFESIONAL CA ROOT-A WEB - Distrust: GLOBALTRUST 2020 - Updated to 2.66 state of Mozilla SSL root CAs (bsc#1220356) Added: - CommScope Public Trust ECC Root-01 - CommScope Public Trust ECC Root-02 - CommScope Public Trust RSA Root-01 - CommScope Public Trust RSA Root-02 - D-Trust SBR Root CA 1 2022 - D-Trust SBR Root CA 2 2022 - Telekom Security SMIME ECC Root 2021 - Telekom Security SMIME RSA Root 2023 - Telekom Security TLS ECC Root 2020 - Telekom Security TLS RSA Root 2023 - TrustAsia Global Root CA G3 - TrustAsia Global Root CA G4 Removed: - Autoridad de Certificacion Firmaprofesional CIF A62634068 - Chambers of Commerce Root - 2008 - Global Chambersign Root - 2008 - Security Communication Root CA - Symantec Class 1 Public Primary Certification Authority - G6 - Symantec Class 2 Public Primary Certification Authority - G6 - TrustCor ECA-1 - TrustCor RootCert CA-1 - TrustCor RootCert CA-2 - VeriSign Class 1 Public Primary Certification Authority - G3 - VeriSign Class 2 Public Primary Certification Authority - G3

glibc

HIGH

fixed

Security update for glibc

Vulnerability ID: SUSE-SU-2024:1375-1

Installed Version: 2.31-150300.41.1

Fixed Version: 2.31-150300.74.1

This update for glibc fixes the following issues: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961, bsc#1222992)

glibc

HIGH

fixed

Security update for glibc

Vulnerability ID: SUSE-SU-2024:1895-1

Installed Version: 2.31-150300.41.1

Fixed Version: 2.31-150300.83.1

This update for glibc fixes the following issues: - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) - CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424) - CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - Avoid creating userspace live patching prologue for _start routine (bsc#1221940)

glibc

HIGH

fixed

Security update for glibc

Vulnerability ID: SUSE-SU-2025:01784-1

Installed Version: 2.31-150300.41.1

Fixed Version: 2.31-150300.95.1

This update for glibc fixes the following issues: Security issues fixed: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). Other issues fixed: - Multi-threaded application hang due to deadlock when `pthread_cond_signal` fails to wake up `pthread_cond_wait` as a consequence of a bug related to stealing of signals (bsc#1234128).