Vulnerability Scan Report for registry.suse.com/bci/bci-micro:15.4.18.2

A micro environment for containers based on the SLE Base Container Image.

registry.suse.com/bci/bci-micro:15.4.18.2

Last scanned on: March 03, 2025 02:30

Package Name	Severity	Status	Description	Reference links
glibc	MEDIUM	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2023:4110-1 Installed Version: 2.31-150300.41.1 Fixed Version: 2.31-150300.63.1 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Also a regression from a previous update was fixed: - elf: Align argument of __munmap to page size (bsc#1215891, BZ #28676)	CVE-2023-4813 SU-20234110-1 SUSE Bug#1215286 SUSE Bug#1215891 SUSE Mailing List [sle-security-updates] 2023-October#016723 SUSE Security Rating
glibc	LOW	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2025:0562-1 Installed Version: 2.31-150300.41.1 Fixed Version: 2.31-150300.92.1 This update for glibc fixes the following issues: - CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282)	CVE-2025-0395 SU-20250562-1 SUSE Bug#1236282 SUSE Mailing List [sle-security-updates] 2025-February#020358 SUSE Security Rating
glibc	UNKNOWN	fixed	Security update for glibc Vulnerability ID: SUSE-SU-2024:0870-1 Installed Version: 2.31-150300.41.1 Fixed Version: 2.31-150300.68.1 This update for glibc fixes the following issues: Security issues fixed: - qsort: harden handling of degenerated / non transient compare function (bsc#1218866) Other issues fixed: - getaddrinfo: translate ENOMEM to EAI_MEMORY (bsc#1217589, BZ #31163) - aarch64: correct CFI in rawmemchr (bsc#1217445, BZ #31113)	SU-20240870-1 SUSE Bug#1217445 SUSE Bug#1217589 SUSE Bug#1218866 SUSE Mailing List [sle-security-updates] 2024-March#018164 SUSE Security Rating
libcap2	MEDIUM	fixed	Security update for libcap Vulnerability ID: SUSE-SU-2023:2765-1 Installed Version: 2.63-150400.1.7 Fixed Version: 2.63-150400.3.3.1 This update for libcap fixes the following issues: - CVE-2023-2602: Fixed improper memory release in libcap/psx/psx.c:__wrap_pthread_create() (bsc#1211418). - CVE-2023-2603: Fixed an integer overflow or wraparound in libcap/cap_alloc.c:_libcap_strdup() (bsc#1211419).	CVE-2023-2602 CVE-2023-2603 SU-20232765-1 SUSE Bug#1211418 SUSE Bug#1211419 SUSE Mailing List [sle-security-updates] 2023-July#015408 SUSE Security Rating
libgcc_s1	HIGH	fixed	Security update for gcc12 Vulnerability ID: SUSE-SU-2023:3661-1 Installed Version: 12.2.1+git416-150000.1.7.1 Fixed Version: 12.3.0+git1204-150000.1.16.1 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).	CVE-2023-4039 SU-20233661-1 SUSE Bug#1214052 SUSE Mailing List [sle-security-updates] 2024-February#018046 SUSE Security Rating