Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-2.16

Go 1.21 development container based on the SLE Base Container Image.

registry.suse.com/bci/golang:1.20-2.16

Last scanned on: June 04, 2025 14:11

Package Name	Severity	Status	Description	Reference links
openssh-fips	MEDIUM	fixed	Security update for openssh Vulnerability ID: SUSE-SU-2025:1576-1 Installed Version: 8.4p1-150300.3.15.4 Fixed Version: 8.4p1-150300.3.49.1 This update for openssh fixes the following issues: - Security issues fixed: * CVE-2025-32728: Fixed a logic error in DisableForwarding option (bsc#1241012) - Other bugs fixed: * Allow KEX hashes greater than 256 bits (bsc#1241045) * Fixed hostname being left out of the audit output (bsc#1228634) * Fixed failures with very large MOTDs (bsc#1232533)	CVE-2025-32728 SU-20251576-1 SUSE Bug#1228634 SUSE Bug#1232533 SUSE Bug#1241012 SUSE Bug#1241045 SUSE Mailing List [sle-updates] 2025-May#039241 SUSE Security Rating
openssl-1_1	HIGH	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2024:2089-1 Installed Version: 1.1.1l-150400.7.28.1 Fixed Version: 1.1.1l-150400.7.69.1 This update for openssl-1_1 fixes the following issues: - CVE-2024-4741: Fixed a use-after-free with SSL_free_buffers. (bsc#1225551)	CVE-2024-4741 SU-20242089-1 SUSE Bug#1225551 SUSE Mailing List [sle-updates] 2024-June#035647 SUSE Security Rating
openssl-1_1	MEDIUM	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:1745-1 Installed Version: 1.1.1l-150400.7.28.1 Fixed Version: 1.1.1l-150400.7.31.2 This update for openssl-1_1 fixes the following issues: - CVE-2023-0464: Fixed excessive Resource Usage Verifying X.509 Policy Constraints (bsc#1209624).	CVE-2023-0464 SU-20231745-1 SUSE Bug#1209624 SUSE Mailing List [sle-updates] 2023-April#028609 SUSE Security Rating
openssl-1_1	MEDIUM	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:1911-1 Installed Version: 1.1.1l-150400.7.28.1 Fixed Version: 1.1.1l-150400.7.34.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-0465: Invalid certificate policies in leaf certificates were silently ignored (bsc#1209878). - CVE-2023-0466: Certificate policy check were not enabled (bsc#1209873).	CVE-2023-0465 CVE-2023-0466 SU-20231911-1 SUSE Bug#1209873 SUSE Bug#1209878 SUSE Mailing List [sle-security-updates] 2023-April#014498 SUSE Security Rating
openssl-1_1	MEDIUM	fixed	Security update for openssl-1_1 Vulnerability ID: SUSE-SU-2023:2342-1 Installed Version: 1.1.1l-150400.7.28.1 Fixed Version: 1.1.1l-150400.7.37.1 This update for openssl-1_1 fixes the following issues: - CVE-2023-2650: Fixed possible denial of service translating ASN.1 object identifiers (bsc#1211430).	CVE-2023-2650 SU-20232342-1 SUSE Bug#1211430 SUSE Mailing List [sle-updates] 2023-June#029660 SUSE Security Rating