Azure / azure-functions-docker

This repo contains the base Docker images for working with Azure Functions
MIT License

krb5 security update CVE-2024-37370 CVE-2024-37371 [DSA 5726-1] #1128

Open stcwy777 opened 1 month ago

stcwy777 commented 1 month ago

Description: We are using the Docker image mcr.microsoft.com/azure-functions/python:4-python3.9-slim. This image includes libk5crypto3 1.18.3-6+deb11u4, which is affected by https://lists.debian.org/debian-security-announce/2024/msg00137.html. Please update libk5crypto3 1.18.3-6+deb11u4 to deb11u4 1.18.3-6+deb11u5

Steps to Reproduce:

1. Use mcr.microsoft.com/azure-functions/python:4-python3.9-slim in a Dockerfile.
2. Run a vulnerability scan (I'm using Aqua).

Expected Behavior: No critical vulnerabilities should be present.

Actual Behavior: libk5crypto3 1.18.3-6+deb11u4 is detected as a vulnerability.

pragnagopa commented 1 month ago

We update images on a regular basis to ensure packages are up-to-date - https://github.com/Azure/azure-functions-docker/wiki/Refreshing-Upstream-Dependencies-for-all-images

I would expect the next update in ~3 weeks to resolve the issue.