Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-2.23
Go 1.21 development container based on the SLE Base Container Image.
Last scanned on: December 10, 2024 01:43
Go 1.21 development container based on the SLE Base Container Image.
Last scanned on: December 10, 2024 01:43
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
login_defs | MEDIUM | fixed |
Security update for shadow Vulnerability ID: SUSE-SU-2024:2658-1 Installed Version: 4.8.1-150400.10.3.1 Fixed Version: 4.8.1-150400.10.18.1 This update for shadow fixes the following issues: - CVE-2013-4235: Fixed a race condition when copying and removing directory trees (bsc#916845). |
||
login_defs | LOW | fixed |
Security update for shadow Vulnerability ID: SUSE-SU-2023:4024-1 Installed Version: 4.8.1-150400.10.3.1 Fixed Version: 4.8.1-150400.10.12.1 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). |
||
ncurses-utils | MEDIUM | fixed |
Security update for ncurses Vulnerability ID: SUSE-SU-2023:2111-1 Installed Version: 6.1-150000.5.12.1 Fixed Version: 6.1-150000.5.15.1 This update for ncurses fixes the following issues: - CVE-2023-29491: Fixed memory corruption issues when processing malformed terminfo data (bsc#1210434). |
||
ncurses-utils | MEDIUM | fixed |
Security update for ncurses Vulnerability ID: SUSE-SU-2023:4891-1 Installed Version: 6.1-150000.5.12.1 Fixed Version: 6.1-150000.5.20.1 This update for ncurses fixes the following issues: - CVE-2023-50495: Fixed a segmentation fault via _nc_wrap_entry() (bsc#1218014) - Modify reset command to avoid altering clocal if the terminal uses a modem (bsc#1201384) |
||
openssh-clients | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2023:2945-1 Installed Version: 8.4p1-150300.3.15.4 Fixed Version: 8.4p1-150300.3.22.1 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] |