Vulnerability Scan Report for registry.suse.com/bci/golang:1.18-19.12

Go 1.21 development container based on the SLE Base Container Image.

registry.suse.com/bci/golang:1.18-19.12

Last scanned on: June 05, 2025 17:04

Package Name	Severity	Status	Description	Reference links
openssh-fips	HIGH	fixed	Security update for openssh Vulnerability ID: SUSE-SU-2023:4902-1 Installed Version: 8.4p1-150300.3.15.4 Fixed Version: 8.4p1-150300.3.27.1 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump	CVE-2023-48795 SU-20234902-1 SUSE Bug#1214788 SUSE Bug#1217950 SUSE Mailing List [sle-security-updates] 2023-December#017494 SUSE Security Rating
openssh-fips	HIGH	fixed	Security update for openssh Vulnerability ID: SUSE-SU-2024:0596-1 Installed Version: 8.4p1-150300.3.15.4 Fixed Version: 8.4p1-150300.3.30.1 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215)	CVE-2023-51385 SU-20240596-1 SUSE Bug#1218215 SUSE Mailing List [sle-security-updates] 2024-February#017998 SUSE Security Rating
openssh-fips	MEDIUM	fixed	Security update for openssh Vulnerability ID: SUSE-SU-2025:0605-1 Installed Version: 8.4p1-150300.3.15.4 Fixed Version: 8.4p1-150300.3.42.1 This update for openssh fixes the following issues: - CVE-2025-26465: Fixed MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client (bsc#1237040).	CVE-2025-26465 SU-20250605-1 SUSE Bug#1237040 SUSE Mailing List [sle-security-updates] 2025-February#020381 SUSE Security Rating
openssh-fips	MEDIUM	fixed	Security update for openssh Vulnerability ID: SUSE-SU-2025:1576-1 Installed Version: 8.4p1-150300.3.15.4 Fixed Version: 8.4p1-150300.3.49.1 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533)	CVE-2025-32728 SU-20251576-1 SUSE Bug#1228634 SUSE Bug#1232533 SUSE Bug#1241012 SUSE Bug#1241045 SUSE Mailing List [sle-updates] 2025-May#039241 SUSE Security Rating
openssl-1_1	HIGH	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:0311-1 Installed Version: 1.1.1l-150400.7.16.1 Fixed Version: 1.1.1l-150400.7.22.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).	CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 SU-20230311-1 SUSE Bug#1207533 SUSE Bug#1207534 SUSE Bug#1207536 SUSE Bug#1207538 SUSE Mailing List [sle-security-updates] 2023-February#013658 SUSE Security Rating