Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-2.16
Go 1.21 development container based on the SLE Base Container Image.
Last scanned on: December 12, 2024 23:22
Go 1.21 development container based on the SLE Base Container Image.
Last scanned on: December 12, 2024 23:22
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
go1.20 | MEDIUM | fixed |
Security update for go1.20 Vulnerability ID: SUSE-SU-2023:2846-1 Installed Version: 1.20.2-150000.1.5.1 Fixed Version: 1.20.6-150000.1.17.1 This update for go1.20 fixes the following issues: go was updated to version 1.20.6 (bsc#1206346): - CVE-2023-29406: Fixed insufficient sanitization of Host header in net/http (bsc#1213229). |
||
go1.20 | MEDIUM | fixed |
Security update for go1.20 Vulnerability ID: SUSE-SU-2023:4470-1 Installed Version: 1.20.2-150000.1.5.1 Fixed Version: 1.20.11-150000.1.32.1 This update for go1.20 fixes the following issues: go1.20.11 (released 2023-11-07) includes security fixes to the path/filepath package, as well as bug fixes to the linker and the net/http package. * security: fix CVE-2023-45283 CVE-2023-45284 path/filepath: insecure parsing of Windows paths (bsc#1216943, bsc#1216944) * cmd/link: split text sections for arm 32-bit * net/http: http2 page fails on firefox/safari if pushing resources |
||
krb5 | HIGH | fixed |
Security update for krb5 Vulnerability ID: SUSE-SU-2023:3363-1 Installed Version: 1.19.2-150400.3.3.1 Fixed Version: 1.19.2-150400.3.6.1 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) |
||
krb5 | HIGH | fixed |
Security update for krb5 Vulnerability ID: SUSE-SU-2024:1006-1 Installed Version: 1.19.2-150400.3.3.1 Fixed Version: 1.19.2-150400.3.9.1 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). |
||
krb5 | HIGH | fixed |
Security update for krb5 Vulnerability ID: SUSE-SU-2024:2322-1 Installed Version: 1.19.2-150400.3.3.1 Fixed Version: 1.19.2-150400.3.12.1 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). |