Vulnerability Scan Report for registry.suse.com/bci/golang:1.18-19.18

Go 1.21 development container based on the SLE Base Container Image.

registry.suse.com/bci/golang:1.18-19.18

Last scanned on: June 23, 2025 15:23

Package Name	Severity	Status	Description	Reference links
openssh-fips	MEDIUM	fixed	Security update for openssh Vulnerability ID: SUSE-SU-2025:1576-1 Installed Version: 8.4p1-150300.3.15.4 Fixed Version: 8.4p1-150300.3.49.1 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533)	CVE-2025-32728 SU-20251576-1 SUSE Bug#1228634 SUSE Bug#1232533 SUSE Bug#1241012 SUSE Bug#1241045 SUSE Mailing List [sle-updates] 2025-May#039241 SUSE Security Rating
openssl-1_1	HIGH	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:0311-1 Installed Version: 1.1.1l-150400.7.16.1 Fixed Version: 1.1.1l-150400.7.22.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-0286: Fixed X.400 address type confusion in X.509 GENERAL_NAME_cmp for x400Address (bsc#1207533). - CVE-2023-0215: Fixed use-after-free following BIO_new_NDEF() (bsc#1207536). - CVE-2022-4450: Fixed double free after calling PEM_read_bio_ex() (bsc#1207538). - CVE-2022-4304: Fixed timing Oracle in RSA Decryption (bsc#1207534).	CVE-2022-4304 CVE-2022-4450 CVE-2023-0215 CVE-2023-0286 SU-20230311-1 SUSE Bug#1207533 SUSE Bug#1207534 SUSE Bug#1207536 SUSE Bug#1207538 SUSE Mailing List [sle-security-updates] 2023-February#013658 SUSE Security Rating
openssl-1_1	HIGH	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2024:2089-1 Installed Version: 1.1.1l-150400.7.16.1 Fixed Version: 1.1.1l-150400.7.69.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)	CVE-2024-4741 SU-20242089-1 SUSE Bug#1225551 SUSE Mailing List [sle-updates] 2024-June#035647 SUSE Security Rating
openssl-1_1	MEDIUM	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:1745-1 Installed Version: 1.1.1l-150400.7.16.1 Fixed Version: 1.1.1l-150400.7.31.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).	CVE-2023-0464 SU-20231745-1 SUSE Bug#1209624 SUSE Mailing List [sle-updates] 2023-April#028609 SUSE Security Rating
openssl-1_1	MEDIUM	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:1911-1 Installed Version: 1.1.1l-150400.7.16.1 Fixed Version: 1.1.1l-150400.7.34.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).	CVE-2023-0465 CVE-2023-0466 SU-20231911-1 SUSE Bug#1209873 SUSE Bug#1209878 SUSE Mailing List [sle-security-updates] 2023-April#014498 SUSE Security Rating