Vulnerabilities in the container image mcr.microsoft.com/dotnet/aspnet:8.0 #5217

Open
aashwinbhushal200 opened this issue Feb 23, 2024 · 1 comment

Comments

@aashwinbhushal200

We are using the Microsoft-provided Docker image called mcr.microsoft.com/dotnet/aspnet:8.0 in production. This is the current LTS image for the ASP.NET Core Runtime for .NET 8.

Unfortunately, this image contains the following two vulnerabilities:

  1. gnutls28 (A vulnerability was found in GnuTLS, where a cockpit (which uses GnuTLS) rejects a certificate chain with distributed trust.)

  2. tar (GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump.)

  3. systemd (A vulnerability was found in systemd-resolved. This issue may allow systemd-resolved to accept records of DNSSEC-signed domains even when they have no signature, allowing man-in-the-middles (or the upstream DNS resolver) to manipulate records.)

The vulnerabilities were found by Prisma Cloud.

Would you be able to provide an update to this Docker image?

We rely on this image in production and need it urgently.

Please let me know if I can be of any assistance in resolving this issue.

@akoken

akoken commented Feb 23, 2024

You should take a look at this guideline.

Status: Backlog