Vulnerability Scan Report for registry.suse.com/suse/sle15:15.2.9.5.326
Image containing a minimal environment for containers based on SUSE Linux Enterprise Server 15 SP2.
Last scanned on: July 23, 2024 10:41
![](/assets/images/containers-7e1f6ccbb2a74b9ca8542ef74aad5cfeb395762b.webp)
Image containing a minimal environment for containers based on SUSE Linux Enterprise Server 15 SP2.
Last scanned on: July 23, 2024 10:41
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
pam | MEDIUM | fixed |
Security update for pam Vulnerability ID: SUSE-SU-2024:0136-1 Installed Version: 1.3.0-150000.6.61.1 Fixed Version: 1.3.0-150000.6.66.1 This update for pam fixes the following issues: - CVE-2024-22365: Fixed a local denial of service during PAM login due to a missing check during path manipulation (bsc#1218475). - Check localtime_r() return value to fix crashing (bsc#1217000) |
||
perl-base | HIGH | fixed |
Security update for perl Vulnerability ID: SUSE-SU-2024:1630-1 Installed Version: 5.26.1-150000.7.15.1 Fixed Version: 5.26.1-150000.7.18.1 This update for perl fixes the following issues: Security issues fixed: - CVE-2018-6913: Fixed space calculation issues in pp_pack.c (bsc#1082216) - CVE-2018-6798: Fixed heap buffer overflow in regexec.c (bsc#1082233) - CVE-2023-31484: Enabled TLS certificate verification in CPAN (bsc#1210999) - CVE-2017-6512: Fixed File::Path rmtree/remove_tree race condition (bsc#1047178) |
||
shadow | LOW | fixed |
Security update for shadow Vulnerability ID: SUSE-SU-2023:4025-1 Installed Version: 4.6-150100.3.8.1 Fixed Version: 4.6-150100.3.11.1 This update for shadow fixes the following issues: - CVE-2023-4641: Fixed potential password leak (bsc#1214806). |
||
suse-build-key | UNKNOWN | fixed |
Security update for suse-build-key Vulnerability ID: SUSE-SU-2023:4672-1 Installed Version: 12.0-150000.8.31.1 Fixed Version: 12.0-150000.8.37.1 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc |
||
suse-build-key | UNKNOWN | fixed |
Security update for suse-build-key Vulnerability ID: SUSE-SU-2024:0444-1 Installed Version: 12.0-150000.8.31.1 Fixed Version: 12.0-150000.8.40.1 This update for suse-build-key fixes the following issues: This update runs a import-suse-build-key script. The previous libzypp-post-script based installation is replaced with a systemd timer and service (bsc#1217215 bsc#1216410 jsc#PED-2777). - suse-build-key-import.service - suse-build-key-import.timer It imports the future SUSE Linux Enterprise 15 4096 bit RSA key primary and reserve keys. After successful import the timer is disabled. To manually import them you can also run: # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-3fa1d6ce-63c9481c.asc # rpm --import /usr/lib/rpm/gnupg/keys/gpg-pubkey-d588dc46-63c939db.asc Bugfix added since last update: - run rpm commands in import script only when libzypp is not active. bsc#1219189 bsc#1219123 |