Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-2.16

Go 1.21 development container based on the SLE Base Container Image.

registry.suse.com/bci/golang:1.20-2.16

Last scanned on: July 03, 2025 15:31

Package Name	Severity	Status	Description	Reference links
krb5	HIGH	fixed	Security update for krb5 Vulnerability ID: SUSE-SU-2024:2322-1 Installed Version: 1.19.2-150400.3.3.1 Fixed Version: 1.19.2-150400.3.12.1 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187).	CVE-2024-37370 CVE-2024-37371 SU-20242322-1 SUSE Bug#1227186 SUSE Bug#1227187 SUSE Mailing List [sle-updates] 2024-July#035853 SUSE Security Rating
less	HIGH	fixed	Security update for less Vulnerability ID: SUSE-SU-2024:1192-1 Installed Version: 590-150400.3.3.1 Fixed Version: 590-150400.3.6.2 This update for less fixes the following issues: - CVE-2022-48624: Fixed LESSCLOSE handling in less that does not quote shell metacharacters (bsc#1219901).	CVE-2022-48624 SU-20241192-1 SUSE Bug#1219901 SUSE Mailing List [sle-updates] 2024-April#034922 SUSE Security Rating
less	HIGH	fixed	Security update for less Vulnerability ID: SUSE-SU-2024:1598-1 Installed Version: 590-150400.3.3.1 Fixed Version: 590-150400.3.9.1 This update for less fixes the following issues: - CVE-2024-32487: Fixed mishandling of \n character in paths when LESSOPEN is set leads to OS command execution. (bsc#1222849)	CVE-2024-32487 SU-20241598-1 SUSE Bug#1222849 SUSE Mailing List [sle-updates] 2024-May#035227 SUSE Security Rating
libasan4	HIGH	fixed	Security update for gcc7 Vulnerability ID: SUSE-SU-2023:3686-1 Installed Version: 7.5.0+r278197-4.30.1 Fixed Version: 7.5.0+r278197-150000.4.35.1 This update for gcc7 fixes the following issues: Security issue fixed: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052). Other fixes: - Fixed KASAN kernel compile. [bsc#1205145] - Fixed ICE with C++17 code as reported in [bsc#1204505] - Fixed altivec.h redefining bool in C++ which makes bool unusable (bsc#1195517): - Adjust gnats idea of the target, fixing the build of gprbuild. [bsc#1196861]	CVE-2023-4039 SU-20233686-1 SUSE Bug#1195517 SUSE Bug#1196861 SUSE Bug#1204505 SUSE Bug#1205145 SUSE Bug#1214052 SUSE Mailing List [sle-security-updates] 2023-September#016210 SUSE Security Rating
libatomic1	HIGH	fixed	Security update for gcc12 Vulnerability ID: SUSE-SU-2023:3661-1 Installed Version: 12.2.1+git416-150000.1.7.1 Fixed Version: 12.3.0+git1204-150000.1.16.1 This update for gcc12 fixes the following issues: - CVE-2023-4039: Fixed incorrect stack protector for C99 VLAs on Aarch64 (bsc#1214052).	CVE-2023-4039 SU-20233661-1 SUSE Bug#1214052 SUSE Mailing List [sle-security-updates] 2024-February#018046 SUSE Security Rating