Vulnerability Scan Report for registry.suse.com/bci/golang:1.20-3.4
Go 1.21 development container based on the SLE Base Container Image.
Last scanned on: November 02, 2024 04:41
Go 1.21 development container based on the SLE Base Container Image.
Last scanned on: November 02, 2024 04:41
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
openssh-common | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2023:2945-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.22.1 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] |
||
openssh-common | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2023:4902-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.27.1 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump |
||
openssh-common | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2024:0596-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.30.1 This update for openssh fixes the following issues: - CVE-2023-51385: Limit the use of shell metacharacters in host- and user names to avoid command injection. (bsc#1218215) |
||
openssh-fips | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2023:2945-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.22.1 This update for openssh fixes the following issues: - CVE-2023-38408: Fixed a condition where specific libaries loaded via ssh-agent(1)'s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if those libraries were present on the victim's system and if the agent was forwarded to an attacker-controlled system. [bsc#1213504, CVE-2023-38408] - Close the right filedescriptor and also close fdh in read_hmac to avoid file descriptor leaks. [bsc#1209536] - Attempts to mitigate instances of secrets lingering in memory after a session exits. [bsc#1186673, bsc#1213004, bsc#1213008] |
||
openssh-fips | HIGH | fixed |
Security update for openssh Vulnerability ID: SUSE-SU-2023:4902-1 Installed Version: 8.4p1-150300.3.18.2 Fixed Version: 8.4p1-150300.3.27.1 This update for openssh fixes the following issues: - CVE-2023-48795: Fixed prefix truncation breaking ssh channel integrity (bsc#1217950). the following non-security bug was fixed: - Fix the 'no route to host' error when connecting via ProxyJump |