Vulnerability Scan Report for registry.suse.com/suse/sle15:15.2.9.5.326
Image containing a minimal environment for containers based on SUSE Linux Enterprise Server 15 SP2.
Last scanned on: February 14, 2025 05:44

Image containing a minimal environment for containers based on SUSE Linux Enterprise Server 15 SP2.
Last scanned on: February 14, 2025 05:44
Package Name | Severity | Status | Description | Reference links | |
---|---|---|---|---|---|
glibc | HIGH | fixed |
Security update for glibc Vulnerability ID: SUSE-SU-2024:1977-1 Installed Version: 2.26-13.65.1 Fixed Version: 2.26-150000.13.73.1 This update for glibc fixes the following issues: - nscd: Release read lock after resetting timeout - nscd: Fix use-after-free in addgetnetgrentX (BZ #23520) - CVE-2024-33599; nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423, BZ #31677) - CVE-2024-33600; nscd: Avoid null pointer crashes after notfound response (bsc#1223424, BZ #31678) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424, BZ #31678) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425, BZ #31680) - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) |
||
glibc | MEDIUM | fixed |
Security update for glibc Vulnerability ID: SUSE-SU-2023:4047-1 Installed Version: 2.26-13.65.1 Fixed Version: 2.26-150000.13.70.1 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-4813: Fixed a potential use-after-free in gaih_inet() (bsc#1215286, BZ #28931) Other changes: - Added GB18030-2022 charmap (jsc#PED-4908, BZ #30243) - Run vismain only if linker supports protected data symbol (bsc#1215505) |
||
krb5 | HIGH | fixed |
Security update for krb5 Vulnerability ID: SUSE-SU-2023:3434-1 Installed Version: 1.16.3-150100.3.27.1 Fixed Version: 1.16.3-150100.3.30.1 This update for krb5 fixes the following issues: - CVE-2023-36054: Fixed a DoS that could be triggered by an authenticated remote user. (bsc#1214054) |
||
krb5 | HIGH | fixed |
Security update for krb5 Vulnerability ID: SUSE-SU-2024:0999-1 Installed Version: 1.16.3-150100.3.27.1 Fixed Version: 1.16.3-150100.3.33.1 This update for krb5 fixes the following issues: - CVE-2024-26458: Fixed memory leak at /krb5/src/lib/rpc/pmap_rmt.c (bsc#1220770). - CVE-2024-26461: Fixed memory leak at /krb5/src/lib/gssapi/krb5/k5sealv3.c (bsc#1220771). |
||
krb5 | HIGH | fixed |
Security update for krb5 Vulnerability ID: SUSE-SU-2024:2305-1 Installed Version: 1.16.3-150100.3.27.1 Fixed Version: 1.16.3-150100.3.36.1 This update for krb5 fixes the following issues: - CVE-2024-37370: Fixed confidential GSS krb5 wrap tokens with invalid fields were errouneously accepted (bsc#1227186). - CVE-2024-37371: Fixed invalid memory read when processing message tokens with invalid length fields (bsc#1227187). |