Headline
RHSA-2022:5061: Red Hat Security Advisory: .NET Core 3.1 security and bugfix update
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-30184: dotnet: NuGet Credential leak due to loss of control of third party symbol server domain
Synopsis
Moderate: .NET Core 3.1 security and bugfix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26.
Security Fix(es):
- dotnet: NuGet Credential leak due to loss of control of third party symbol server domain (CVE-2022-30184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
Fixes
- BZ - 2096963 - CVE-2022-30184 dotnet: NuGet Credential leak due to loss of control of third party symbol server domain
Red Hat Enterprise Linux for x86_64 8
SRPM
dotnet3.1-3.1.420-1.el8_6.src.rpm
SHA-256: bb4265b7c3d636f1b7f0d8274ce04d2c1e057400bfb046ebc38b1874a3c797e3
x86_64
aspnetcore-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 0cebb0eb6a4ae0ace3107639671bdc01e6e15df4c1ed3b1d10f97320ef9262a4
aspnetcore-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: e8f87c223bb0e314f2c35c5ee5ab6fba76877d7ade4be881697a30cd971856ff
dotnet-apphost-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: bd56c9f472f84fe007c151b65cce300f0cbd6233145f999d13a8931dece88123
dotnet-apphost-pack-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 832d7f05c2652cfc64d330de3bb259487d17376f53bf51a32faa215af347e0f4
dotnet-hostfxr-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 9f6fd84a6b319335f5b62496032f1d3fdb7abfcd2a656f67934b52be320b8dd4
dotnet-hostfxr-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 69d033202377c9f2da9b623e9a858a6eab3ebde148c3b3328889a0f368d7a51f
dotnet-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a0dd6a14bb5b9b982b5c76b35b6c4f7ddf99e586a0fa5491ded3922ac902d8a5
dotnet-runtime-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 247b606c5d98eba553152a8f17639078f6c92a9cd4556e1465e9e67c5b4742d5
dotnet-sdk-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: d9d865e3ad091d2e970c45a60b9bc28ce63c018ac4a088e69497dca669abec77
dotnet-sdk-3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 389c94756f3007c027093b4c21f7ed1dc6450387375571c7e29215090f0b71b0
dotnet-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a4fbc911ebe3169ffd9c043c4c062095e9cca54d9b7b4bc4234c55e678893d60
dotnet-templates-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 8fa7d1f03b41ebc4059182fb550bcb3e9ec6e9737e739134683693f3e153483e
dotnet3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: b84a2c786af1c3cdb4e7a528ac6d47f751af7e6419e26f64c9941c0c368472f7
dotnet3.1-debugsource-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 69a14e97cde6a29650dd0baf5d7680db5b1a0eb2100ccc00781b34be0a1cc423
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
dotnet3.1-3.1.420-1.el8_6.src.rpm
SHA-256: bb4265b7c3d636f1b7f0d8274ce04d2c1e057400bfb046ebc38b1874a3c797e3
x86_64
aspnetcore-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 0cebb0eb6a4ae0ace3107639671bdc01e6e15df4c1ed3b1d10f97320ef9262a4
aspnetcore-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: e8f87c223bb0e314f2c35c5ee5ab6fba76877d7ade4be881697a30cd971856ff
dotnet-apphost-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: bd56c9f472f84fe007c151b65cce300f0cbd6233145f999d13a8931dece88123
dotnet-apphost-pack-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 832d7f05c2652cfc64d330de3bb259487d17376f53bf51a32faa215af347e0f4
dotnet-hostfxr-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 9f6fd84a6b319335f5b62496032f1d3fdb7abfcd2a656f67934b52be320b8dd4
dotnet-hostfxr-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 69d033202377c9f2da9b623e9a858a6eab3ebde148c3b3328889a0f368d7a51f
dotnet-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a0dd6a14bb5b9b982b5c76b35b6c4f7ddf99e586a0fa5491ded3922ac902d8a5
dotnet-runtime-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 247b606c5d98eba553152a8f17639078f6c92a9cd4556e1465e9e67c5b4742d5
dotnet-sdk-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: d9d865e3ad091d2e970c45a60b9bc28ce63c018ac4a088e69497dca669abec77
dotnet-sdk-3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 389c94756f3007c027093b4c21f7ed1dc6450387375571c7e29215090f0b71b0
dotnet-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a4fbc911ebe3169ffd9c043c4c062095e9cca54d9b7b4bc4234c55e678893d60
dotnet-templates-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 8fa7d1f03b41ebc4059182fb550bcb3e9ec6e9737e739134683693f3e153483e
dotnet3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: b84a2c786af1c3cdb4e7a528ac6d47f751af7e6419e26f64c9941c0c368472f7
dotnet3.1-debugsource-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 69a14e97cde6a29650dd0baf5d7680db5b1a0eb2100ccc00781b34be0a1cc423
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
dotnet3.1-3.1.420-1.el8_6.src.rpm
SHA-256: bb4265b7c3d636f1b7f0d8274ce04d2c1e057400bfb046ebc38b1874a3c797e3
x86_64
aspnetcore-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 0cebb0eb6a4ae0ace3107639671bdc01e6e15df4c1ed3b1d10f97320ef9262a4
aspnetcore-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: e8f87c223bb0e314f2c35c5ee5ab6fba76877d7ade4be881697a30cd971856ff
dotnet-apphost-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: bd56c9f472f84fe007c151b65cce300f0cbd6233145f999d13a8931dece88123
dotnet-apphost-pack-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 832d7f05c2652cfc64d330de3bb259487d17376f53bf51a32faa215af347e0f4
dotnet-hostfxr-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 9f6fd84a6b319335f5b62496032f1d3fdb7abfcd2a656f67934b52be320b8dd4
dotnet-hostfxr-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 69d033202377c9f2da9b623e9a858a6eab3ebde148c3b3328889a0f368d7a51f
dotnet-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a0dd6a14bb5b9b982b5c76b35b6c4f7ddf99e586a0fa5491ded3922ac902d8a5
dotnet-runtime-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 247b606c5d98eba553152a8f17639078f6c92a9cd4556e1465e9e67c5b4742d5
dotnet-sdk-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: d9d865e3ad091d2e970c45a60b9bc28ce63c018ac4a088e69497dca669abec77
dotnet-sdk-3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 389c94756f3007c027093b4c21f7ed1dc6450387375571c7e29215090f0b71b0
dotnet-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a4fbc911ebe3169ffd9c043c4c062095e9cca54d9b7b4bc4234c55e678893d60
dotnet-templates-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 8fa7d1f03b41ebc4059182fb550bcb3e9ec6e9737e739134683693f3e153483e
dotnet3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: b84a2c786af1c3cdb4e7a528ac6d47f751af7e6419e26f64c9941c0c368472f7
dotnet3.1-debugsource-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 69a14e97cde6a29650dd0baf5d7680db5b1a0eb2100ccc00781b34be0a1cc423
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
dotnet3.1-3.1.420-1.el8_6.src.rpm
SHA-256: bb4265b7c3d636f1b7f0d8274ce04d2c1e057400bfb046ebc38b1874a3c797e3
x86_64
aspnetcore-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 0cebb0eb6a4ae0ace3107639671bdc01e6e15df4c1ed3b1d10f97320ef9262a4
aspnetcore-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: e8f87c223bb0e314f2c35c5ee5ab6fba76877d7ade4be881697a30cd971856ff
dotnet-apphost-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: bd56c9f472f84fe007c151b65cce300f0cbd6233145f999d13a8931dece88123
dotnet-apphost-pack-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 832d7f05c2652cfc64d330de3bb259487d17376f53bf51a32faa215af347e0f4
dotnet-hostfxr-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 9f6fd84a6b319335f5b62496032f1d3fdb7abfcd2a656f67934b52be320b8dd4
dotnet-hostfxr-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 69d033202377c9f2da9b623e9a858a6eab3ebde148c3b3328889a0f368d7a51f
dotnet-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a0dd6a14bb5b9b982b5c76b35b6c4f7ddf99e586a0fa5491ded3922ac902d8a5
dotnet-runtime-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 247b606c5d98eba553152a8f17639078f6c92a9cd4556e1465e9e67c5b4742d5
dotnet-sdk-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: d9d865e3ad091d2e970c45a60b9bc28ce63c018ac4a088e69497dca669abec77
dotnet-sdk-3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 389c94756f3007c027093b4c21f7ed1dc6450387375571c7e29215090f0b71b0
dotnet-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a4fbc911ebe3169ffd9c043c4c062095e9cca54d9b7b4bc4234c55e678893d60
dotnet-templates-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 8fa7d1f03b41ebc4059182fb550bcb3e9ec6e9737e739134683693f3e153483e
dotnet3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: b84a2c786af1c3cdb4e7a528ac6d47f751af7e6419e26f64c9941c0c368472f7
dotnet3.1-debugsource-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 69a14e97cde6a29650dd0baf5d7680db5b1a0eb2100ccc00781b34be0a1cc423
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
dotnet3.1-3.1.420-1.el8_6.src.rpm
SHA-256: bb4265b7c3d636f1b7f0d8274ce04d2c1e057400bfb046ebc38b1874a3c797e3
x86_64
aspnetcore-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 0cebb0eb6a4ae0ace3107639671bdc01e6e15df4c1ed3b1d10f97320ef9262a4
aspnetcore-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: e8f87c223bb0e314f2c35c5ee5ab6fba76877d7ade4be881697a30cd971856ff
dotnet-apphost-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: bd56c9f472f84fe007c151b65cce300f0cbd6233145f999d13a8931dece88123
dotnet-apphost-pack-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 832d7f05c2652cfc64d330de3bb259487d17376f53bf51a32faa215af347e0f4
dotnet-hostfxr-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 9f6fd84a6b319335f5b62496032f1d3fdb7abfcd2a656f67934b52be320b8dd4
dotnet-hostfxr-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 69d033202377c9f2da9b623e9a858a6eab3ebde148c3b3328889a0f368d7a51f
dotnet-runtime-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a0dd6a14bb5b9b982b5c76b35b6c4f7ddf99e586a0fa5491ded3922ac902d8a5
dotnet-runtime-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 247b606c5d98eba553152a8f17639078f6c92a9cd4556e1465e9e67c5b4742d5
dotnet-sdk-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: d9d865e3ad091d2e970c45a60b9bc28ce63c018ac4a088e69497dca669abec77
dotnet-sdk-3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 389c94756f3007c027093b4c21f7ed1dc6450387375571c7e29215090f0b71b0
dotnet-targeting-pack-3.1-3.1.26-1.el8_6.x86_64.rpm
SHA-256: a4fbc911ebe3169ffd9c043c4c062095e9cca54d9b7b4bc4234c55e678893d60
dotnet-templates-3.1-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 8fa7d1f03b41ebc4059182fb550bcb3e9ec6e9737e739134683693f3e153483e
dotnet3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: b84a2c786af1c3cdb4e7a528ac6d47f751af7e6419e26f64c9941c0c368472f7
dotnet3.1-debugsource-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 69a14e97cde6a29650dd0baf5d7680db5b1a0eb2100ccc00781b34be0a1cc423
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
dotnet-apphost-pack-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 832d7f05c2652cfc64d330de3bb259487d17376f53bf51a32faa215af347e0f4
dotnet-hostfxr-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 69d033202377c9f2da9b623e9a858a6eab3ebde148c3b3328889a0f368d7a51f
dotnet-runtime-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 247b606c5d98eba553152a8f17639078f6c92a9cd4556e1465e9e67c5b4742d5
dotnet-sdk-3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 389c94756f3007c027093b4c21f7ed1dc6450387375571c7e29215090f0b71b0
dotnet-sdk-3.1-source-built-artifacts-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 24f6eb76cb4f172e30ad1c74f0a18ec428be67a991d292dc0a03b2a0fde04bc6
dotnet3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: b84a2c786af1c3cdb4e7a528ac6d47f751af7e6419e26f64c9941c0c368472f7
dotnet3.1-debugsource-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 69a14e97cde6a29650dd0baf5d7680db5b1a0eb2100ccc00781b34be0a1cc423
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6
SRPM
x86_64
dotnet-apphost-pack-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 832d7f05c2652cfc64d330de3bb259487d17376f53bf51a32faa215af347e0f4
dotnet-hostfxr-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 69d033202377c9f2da9b623e9a858a6eab3ebde148c3b3328889a0f368d7a51f
dotnet-runtime-3.1-debuginfo-3.1.26-1.el8_6.x86_64.rpm
SHA-256: 247b606c5d98eba553152a8f17639078f6c92a9cd4556e1465e9e67c5b4742d5
dotnet-sdk-3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 389c94756f3007c027093b4c21f7ed1dc6450387375571c7e29215090f0b71b0
dotnet-sdk-3.1-source-built-artifacts-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 24f6eb76cb4f172e30ad1c74f0a18ec428be67a991d292dc0a03b2a0fde04bc6
dotnet3.1-debuginfo-3.1.420-1.el8_6.x86_64.rpm
SHA-256: b84a2c786af1c3cdb4e7a528ac6d47f751af7e6419e26f64c9941c0c368472f7
dotnet3.1-debugsource-3.1.420-1.el8_6.x86_64.rpm
SHA-256: 69a14e97cde6a29650dd0baf5d7680db5b1a0eb2100ccc00781b34be0a1cc423
Related news
Red Hat Security Advisory 2022-5050-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.106 and .NET Runtime 6.0.6. Issues addressed include a password leak vulnerability.
Red Hat Security Advisory 2022-5062-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26. Issues addressed include a password leak vulnerability.
Red Hat Security Advisory 2022-5061-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.420 and .NET Runtime 3.1.26. Issues addressed include a password leak vulnerability.
Red Hat Security Advisory 2022-5046-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.106 and .NET Runtime 6.0.6. Issues addressed include a password leak vulnerability.
.NET and Visual Studio Information Disclosure Vulnerability.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30184: dotnet: NuGet Credential leak due to loss of control of third party symbol server domain
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30184: dotnet: NuGet Credential leak due to loss of control of third party symbol server domain
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30184: dotnet: NuGet Credential leak due to loss of control of third party symbol server domain
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-30184: dotnet: NuGet Credential leak due to loss of control of third party symbol server domain
### Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0 and .NET Core 3.1, NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET Core 3.1, and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat version range from 3.5.0 to 6.2.0) where a nuget.org api key could leak due to an incorrect comparison with a server url. ### Affected software #### NuGet & NuGet Packages - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 6.2.0 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 6.0.1 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.CommandLine.XPlat 5.11.1 version or earlier. - Any NuG...