Vulnerability Scan Report for registry.suse.com/suse/postgres:14-24.27
PostgreSQL 15 container based on the SLE Base Container Image.
registry.suse.com/suse/postgres:14-24.27
Last scanned on: July 01, 2025 01:01
PostgreSQL 15 container based on the SLE Base Container Image.
Last scanned on: July 01, 2025 01:01
| Package Name | Severity | Status | Description | Reference links | |
|---|---|---|---|---|---|
| libpq5 | MEDIUM | fixed |
Security update for postgresql17 Vulnerability ID: SUSE-SU-2025:01783-1 Installed Version: 16.1-150200.5.7.1 Fixed Version: 17.5-150200.5.13.1 This update for postgresql17 fixes the following issues: Upgrade to 17.5: - CVE-2025-4207: Fixed PostgreSQL GB18030 encoding validation can read one byte past end of allocation for text that fails validation (bsc#1242931) Changelog: https://www.postgresql.org/docs/release/17.5/ |
||
| libsmartcols1 | HIGH | fixed |
Security update for util-linux Vulnerability ID: SUSE-SU-2024:1169-1 Installed Version: 2.37.2-150400.8.20.1 Fixed Version: 2.37.2-150400.8.29.1 This update for util-linux fixes the following issues: - CVE-2024-28085: Properly neutralize escape sequences in wall. (bsc#1221831) |
||
| libsqlite3-0 | HIGH | fixed |
Security update for sqlite3 Vulnerability ID: SUSE-SU-2025:01456-2 Installed Version: 3.44.0-150000.3.23.1 Fixed Version: 3.49.1-150000.3.27.1 This update for sqlite3 fixes the following issues: - CVE-2025-29087,CVE-2025-3277: Fixed integer overflow in sqlite concat function (bsc#1241020) - CVE-2025-29088: Fixed integer overflow through the SQLITE_DBCONFIG_LOOKASIDE component (bsc#1241078) Other fixes: - Updated to version 3.49.1 from Factory (jsc#SLE-16032) |
||
| libssh-config | HIGH | fixed |
Security update for libssh Vulnerability ID: SUSE-SU-2024:0140-1 Installed Version: 0.9.6-150400.1.5 Fixed Version: 0.9.8-150400.3.3.1 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code |
||
| libssh4 | HIGH | fixed |
Security update for libssh Vulnerability ID: SUSE-SU-2024:0140-1 Installed Version: 0.9.6-150400.1.5 Fixed Version: 0.9.8-150400.3.3.1 This update for libssh fixes the following issues: Security fixes: - CVE-2023-6004: Fixed command injection using proxycommand (bsc#1218209) - CVE-2023-48795: Fixed potential downgrade attack using strict kex (bsc#1218126) - CVE-2023-6918: Fixed missing checks for return values of MD functions (bsc#1218186) - CVE-2023-1667: Fixed NULL dereference during rekeying with algorithm guessing (bsc#1211188) - CVE-2023-2283: Fixed possible authorization bypass in pki_verify_data_signature under low-memory conditions (bsc#1211190) Other fixes: - Update to version 0.9.8 - Allow @ in usernames when parsing from URI composes - Update to version 0.9.7 - Fix several memory leaks in GSSAPI handling code |
||