Our Greenbone scanner reports a security vulnerability for Docker on openSUSE Leap 15.5/15.6 based on Security Advisory SUSE-SU-2024:4360-1.
The installed version (docker-26.1.5_ce-150000.212.1) is flagged as vulnerable, while the “fixed” version (docker-26.1.5.ce-150000.212.1) appears to be identical according to the advisory.
Details:
- Installed version: docker-26.1.5_ce-150000.212.1
- Fixed version: docker-26.1.5.ce-150000.212.1
- Scanner OID: 1.3.6.1.4.1.25623.1.0.856863
- Scan date: February 12, 2025
- Affected system: openSUSE Leap 15.5/15.6
The only visible difference is the underscore _ce vs. dot .ce in the version number. Since openSUSE itself uses _ce in its package naming, this appears to be an incorrect version detection by the scanner.
Expected Behavior:
The scanner should recognize docker-26.1.5_ce-150000.212.1 as patched, as it matches the latest version available in the official SUSE repositories.
Could you please verify whether this is a false positive or if there is another explanation for this detection?
Thank you for your support!
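
Added example, not part of the original post and not Greenbone or SUSE code: a simplified Python re-implementation of rpm's segment-based version comparison (no epoch, `~` or `^` handling), applied to the two package strings from the report to contrast it with a literal string comparison. The function names are hypothetical.

```python
import re

def segments(v):
    # rpm treats every non-alphanumeric character as a separator,
    # so "_" and "." both only split the string into segments.
    return re.findall(r"[0-9]+|[A-Za-z]+", v)

def rpm_vercmp(a, b):
    """Return -1, 0 or 1 (simplified rpmvercmp, no ~ or ^ handling)."""
    sa, sb = segments(a), segments(b)
    for x, y in zip(sa, sb):
        xnum, ynum = x.isdigit(), y.isdigit()
        if xnum != ynum:
            return 1 if xnum else -1  # a numeric segment beats an alphabetic one
        if xnum:
            x, y = int(x), int(y)     # numeric segments compare as integers
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the side with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def split_nvr(pkg):
    # "docker-26.1.5_ce-150000.212.1" -> ("docker", "26.1.5_ce", "150000.212.1")
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release

def compare_packages(installed, fixed):
    """Compare version first, then release, for two builds of one package."""
    n1, v1, r1 = split_nvr(installed)
    n2, v2, r2 = split_nvr(fixed)
    if n1 != n2:
        raise ValueError("different packages")
    return rpm_vercmp(v1, v2) or rpm_vercmp(r1, r2)

# Package strings taken from the report above.
INSTALLED = "docker-26.1.5_ce-150000.212.1"
FIXED = "docker-26.1.5.ce-150000.212.1"

if __name__ == "__main__":
    print("literal strings equal:", INSTALLED == FIXED)
    print("rpm-style comparison: ", compare_packages(INSTALLED, FIXED))
```

A result of 0 from `compare_packages` means neither build is newer under these rules; -1 would mean the installed package is older than the fixed one.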