microsoft / containerregistry

Microsoft Artifact Registry description and related FAQ

CVE-2022-37434 for ASP.Net 6 #124

Closed Ravikrishna216 closed 2 years ago

Ravikrishna216 commented 2 years ago

We are using the aspnet Docker image

mcr.microsoft.com/dotnet/aspnet:6.0

A Sysdig scan reports a vulnerability: CVE-2022-37434

Will the base image be updated to handle this vulnerability?

mthalman commented 2 years ago

This is now resolved. I've rebuilt all affected .NET images based on Debian 11 so that they now contain the latest zlib1g package version which patches this vulnerability.

> docker pull mcr.microsoft.com/dotnet/aspnet:6.0
6.0: Pulling from dotnet/aspnet
Digest: sha256:30f462a50ad021c35ab3ebbbb8f16049c8d41499f7063a95bc68e7c69b0a97c4
Status: Image is up to date for mcr.microsoft.com/dotnet/aspnet:6.0
mcr.microsoft.com/dotnet/aspnet:6.0

> docker run --rm mcr.microsoft.com/dotnet/aspnet:6.0 apt list zlib1g

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

Listing...
zlib1g/now 1:1.2.11.dfsg-2+deb11u2 amd64 [installed,local]

mthalman commented 2 years ago

In the future, please log issues specific to .NET container images at https://github.com/dotnet/dotnet-docker.

Ravikrishna216 commented 2 years ago

Sure. Thank you for the update.

Ravikrishna216 commented 2 years ago

Thank you. It is working now.