Vulnerability Scan Report for registry.suse.com/suse/sle15:15.2.9.5.326
Image containing a minimal environment for containers based on SUSE Linux Enterprise Server 15 SP2.
Last scanned on: July 23, 2024 10:41
![](/assets/images/containers-7e1f6ccbb2a74b9ca8542ef74aad5cfeb395762b.webp)
Image containing a minimal environment for containers based on SUSE Linux Enterprise Server 15 SP2.
Last scanned on: July 23, 2024 10:41
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
container-suseconnect | UNKNOWN | fixed |
Security update for container-suseconnect Vulnerability ID: SUSE-SU-2023:4511-1 Installed Version: 2.4.0-150000.4.34.1 Fixed Version: 2.4.0-150000.4.44.1 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). |
||
container-suseconnect | UNKNOWN | fixed |
Security update for container-suseconnect Vulnerability ID: SUSE-SU-2023:4807-1 Installed Version: 2.4.0-150000.4.34.1 Fixed Version: 2.4.0-150000.4.46.1 This update of container-suseconnect fixes the following issues: - rebuild the package with the go 1.21 security release (bsc#1212475). |
||
cpio | LOW | fixed |
Security update for cpio Vulnerability ID: SUSE-SU-2024:0824-1 Installed Version: 2.12-3.9.1 Fixed Version: 2.12-150000.3.12.1 This update for cpio fixes the following issues: - CVE-2023-7207: Fixed path traversal vulnerability (bsc#1218571, bsc#1219238) |
||
glibc | HIGH | fixed |
Security update for glibc Vulnerability ID: SUSE-SU-2024:1977-1 Installed Version: 2.26-13.65.1 Fixed Version: 2.26-150000.13.73.1 This update for glibc fixes the following issues: - nscd: Release read lock after resetting timeout - nscd: Fix use-after-free in addgetnetgrentX (BZ #23520) - CVE-2024-33599; nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423, BZ #31677) - CVE-2024-33600; nscd: Avoid null pointer crashes after notfound response (bsc#1223424, BZ #31678) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424, BZ #31678) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425, BZ #31680) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) |
||
glibc | MEDIUM | fixed |
Security update for glibc Vulnerability ID: SUSE-SU-2023:4047-1 Installed Version: 2.26-13.65.1 Fixed Version: 2.26-150000.13.70.1 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other changes: - Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) - Run vismain only if linker supports protected data symbol (bsc#1215505) |