Tech Preview

Vulnerability Scan Report for registry.suse.com/bci/dotnet-sdk:3.1.23-22.5

The .Net 7.0 SDK based on the SLE Base Container Image. The .NET packages contained in this image come from a 3rd-party repository http://packages.microsoft.com. You can find the respective source code in https://github.com/dotnet. SUSE doesn't provide any support or warranties.

registry.suse.com/bci/dotnet-sdk:3.1.23-22.5

Last scanned on: July 01, 2025 09:52

Package Name	Severity	Status	Description	Reference links
suse-build-key	UNKNOWN	fixed	Security update for suse-build-key Vulnerability ID: SUSE-SU-2024:0444-1 Installed Version: 12.0-8.16.1 Fixed Version: 12.0-150000.8.40.1 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123	SU-20240444-1 SUSE Bug#1219123 SUSE Bug#1219189 SUSE Mailing List [sle-security-updates] 2024-February#017898 SUSE Security Rating
terminfo-base	MEDIUM	fixed	Security update for ncurses Vulnerability ID: SUSE-SU-2022:2717-1 Installed Version: 6.1-5.9.1 Fixed Version: 6.1-150000.5.12.1 This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).	CVE-2022-29458 SU-20222717-1 SUSE Bug#1198627 SUSE Mailing List [sle-updates] 2022-August#024348 SUSE Security Rating
terminfo-base	MEDIUM	fixed	Security update for ncurses Vulnerability ID: SUSE-SU-2023:2111-1 Installed Version: 6.1-5.9.1 Fixed Version: 6.1-150000.5.15.1 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).	CVE-2023-29491 SU-20232111-1 SUSE Bug#1210434 SUSE Mailing List [sle-security-updates] 2023-May#014766 SUSE Security Rating
update-alternatives	LOW	fixed	Security update for dpkg Vulnerability ID: SUSE-SU-2022:4081-1 Installed Version: 1.19.0.4-4.3.1 Fixed Version: 1.19.0.4-150000.4.4.1 This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).	CVE-2022-1664 SU-20224081-1 SUSE Bug#1199944 SUSE Mailing List [sle-security-updates] 2022-November#012992 SUSE Security Rating
util-linux	HIGH	fixed	Security update for util-linux Vulnerability ID: SUSE-SU-2024:1170-1 Installed Version: 2.36.2-150300.4.14.3 Fixed Version: 2.36.2-150300.4.41.1 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)	CVE-2024-28085 SU-20241170-1 SUSE Bug#1194038 SUSE Bug#1207987 SUSE Bug#1221831 SUSE Mailing List [sle-updates] 2024-April#034904 SUSE Security Rating

Package Name

Severity

Status

Description

Reference links

suse-build-key

UNKNOWN

fixed

Security update for suse-build-key

Vulnerability ID: SUSE-SU-2024:0444-1

Installed Version: 12.0-8.16.1

Fixed Version: 12.0-150000.8.40.1

This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123

terminfo-base

MEDIUM

fixed

Security update for ncurses

Vulnerability ID: SUSE-SU-2022:2717-1

Installed Version: 6.1-5.9.1

Fixed Version: 6.1-150000.5.12.1

This update for ncurses fixes the following issues: - CVE-2022-29458: Fixed segfaulting out-of-bounds read in convert_strings in tinfo/read_entry.c (bsc#1198627).

terminfo-base

MEDIUM

fixed

Security update for ncurses

Vulnerability ID: SUSE-SU-2023:2111-1

Installed Version: 6.1-5.9.1

Fixed Version: 6.1-150000.5.15.1

This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434).

update-alternatives

LOW

fixed

Security update for dpkg

Vulnerability ID: SUSE-SU-2022:4081-1

Installed Version: 1.19.0.4-4.3.1

Fixed Version: 1.19.0.4-150000.4.4.1

This update for dpkg fixes the following issues: - CVE-2022-1664: Fixed a directory traversal vulnerability in Dpkg::Source::Archive (bsc#1199944).

util-linux

HIGH

fixed

Security update for util-linux

Vulnerability ID: SUSE-SU-2024:1170-1

Installed Version: 2.36.2-150300.4.14.3

Fixed Version: 2.36.2-150300.4.41.1

This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831)