RHSA-2022:0495: Red Hat Security Advisory: .NET 5.0 security and bugfix update

Skip to navigation Skip to main content

Utilities

• Subscriptions
• Downloads
• Containers
• Support Cases

Infrastructure and Management

• Red Hat Enterprise Linux
• Red Hat Virtualization
• Red Hat Identity Management
• Red Hat Directory Server
• Red Hat Certificate System
• Red Hat Satellite
• Red Hat Subscription Management
• Red Hat Update Infrastructure
• Red Hat Insights
• Red Hat Ansible Automation Platform

Cloud Computing

• Red Hat OpenShift
• Red Hat CloudForms
• Red Hat OpenStack Platform
• Red Hat OpenShift Container Platform
• Red Hat OpenShift Data Science
• Red Hat OpenShift Online
• Red Hat OpenShift Dedicated
• Red Hat Advanced Cluster Security for Kubernetes
• Red Hat Advanced Cluster Management for Kubernetes
• Red Hat Quay
• Red Hat CodeReady Workspaces
• Red Hat OpenShift Service on AWS

Storage

• Red Hat Gluster Storage
• Red Hat Hyperconverged Infrastructure
• Red Hat Ceph Storage
• Red Hat OpenShift Data Foundation

Runtimes

• Red Hat Runtimes
• Red Hat JBoss Enterprise Application Platform
• Red Hat Data Grid
• Red Hat JBoss Web Server
• Red Hat Single Sign On
• Red Hat support for Spring Boot
• Red Hat build of Node.js
• Red Hat build of Thorntail
• Red Hat build of Eclipse Vert.x
• Red Hat build of OpenJDK
• Red Hat build of Quarkus
• Red Hat CodeReady Studio

Integration and Automation

• Red Hat Process Automation
• Red Hat Process Automation Manager
• Red Hat Decision Manager

All Products

Issued:

2022-02-09

Updated:

2022-02-09

RHSA-2022:0495 - Security Advisory

• Overview
• Updated Packages

Synopsis

Important: .NET 5.0 security and bugfix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14.

Security Fix(es):

• dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

• Red Hat Enterprise Linux for x86_64 8 x86_64
• Red Hat CodeReady Linux Builder for x86_64 8 x86_64

Fixes

• BZ - 2051490 - CVE-2022-219862 dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service

Red Hat Enterprise Linux for x86_64 8

SRPM

dotnet5.0-5.0.211-1.el8_5.src.rpm

SHA-256: 90313e9f16eef01474402dab3877dcd8af9b4d05d0948c0d43a6b6a480b72028

x86_64

aspnetcore-runtime-5.0-5.0.14-1.el8_5.x86_64.rpm

SHA-256: 0b168f0e4a5284c57a46aeaa8e565505ade85ebd702dbe7d97bfe20805408573

aspnetcore-targeting-pack-5.0-5.0.14-1.el8_5.x86_64.rpm

SHA-256: da97b5bd221ee6ad43a3e0e7c48e5b139cec4678af3c13952e176e750a3b0f18

dotnet-apphost-pack-5.0-5.0.14-1.el8_5.x86_64.rpm

SHA-256: 12d18a3c61c64a39faf71c3e324b327a7a10d7ddde3a4f9be95fcf3cd78d00c9

dotnet-apphost-pack-5.0-debuginfo-5.0.14-1.el8_5.x86_64.rpm

SHA-256: e3b9ab6de47e3c023726e7f43bd54dc9df76b0b8c228f0b6ea4318263e482572

dotnet-hostfxr-5.0-5.0.14-1.el8_5.x86_64.rpm

SHA-256: b86f823b00067f8e96df8e2f8441624b9f58f6c29198b26025d01035105fb6a7

dotnet-hostfxr-5.0-debuginfo-5.0.14-1.el8_5.x86_64.rpm

SHA-256: 450d4b7c7d9d40d9ea5dbe5231b2e1ab21e437b0981f3f76a8d27af6899348f2

dotnet-runtime-5.0-5.0.14-1.el8_5.x86_64.rpm

SHA-256: 54350d8444a4df6856b024c333e889a5532c1ae8c599afb18bf81dd33f05bdc0

dotnet-runtime-5.0-debuginfo-5.0.14-1.el8_5.x86_64.rpm

SHA-256: c5fc90e513258d4fe44f188c30c4821831119049baad39b3c55d1236bf9cb4f8

dotnet-sdk-5.0-5.0.211-1.el8_5.x86_64.rpm

SHA-256: 4dfc31150e0a43472607f6409b878119fdd40c1f3d021f373e4c33877535ca90

dotnet-sdk-5.0-debuginfo-5.0.211-1.el8_5.x86_64.rpm

SHA-256: a294d720def39d3993bedf8137cfd7b02b98940a4c30f4bd400f3044331364cd

dotnet-targeting-pack-5.0-5.0.14-1.el8_5.x86_64.rpm

SHA-256: dcd701bd6a8de5097180e2e9606844d0153b5cf17e7d94a41e1818947b7aa034

dotnet-templates-5.0-5.0.211-1.el8_5.x86_64.rpm

SHA-256: 5a27903a9c602d867c0397f0de071b56ead2e76e5ce3b11163fec9f04ee5f698

dotnet5.0-debuginfo-5.0.211-1.el8_5.x86_64.rpm

SHA-256: 06138c218f3590f6cd2a9cd630e7034f5fac29ceac1fda8bf1c3550866a4f43f

dotnet5.0-debugsource-5.0.211-1.el8_5.x86_64.rpm

SHA-256: 82a1618c14910fc2e063858b097fb9911df67904595df41e5c8ddc50ed831b4d

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

dotnet-apphost-pack-5.0-debuginfo-5.0.14-1.el8_5.x86_64.rpm

SHA-256: e3b9ab6de47e3c023726e7f43bd54dc9df76b0b8c228f0b6ea4318263e482572

dotnet-hostfxr-5.0-debuginfo-5.0.14-1.el8_5.x86_64.rpm

SHA-256: 450d4b7c7d9d40d9ea5dbe5231b2e1ab21e437b0981f3f76a8d27af6899348f2

dotnet-runtime-5.0-debuginfo-5.0.14-1.el8_5.x86_64.rpm

SHA-256: c5fc90e513258d4fe44f188c30c4821831119049baad39b3c55d1236bf9cb4f8

dotnet-sdk-5.0-debuginfo-5.0.211-1.el8_5.x86_64.rpm

SHA-256: a294d720def39d3993bedf8137cfd7b02b98940a4c30f4bd400f3044331364cd

dotnet-sdk-5.0-source-built-artifacts-5.0.211-1.el8_5.x86_64.rpm

SHA-256: 0c0e9fb65c4a93055b238684b8348e3f01c344fd11c65efb7b9a545eac6b51f3

dotnet5.0-debuginfo-5.0.211-1.el8_5.x86_64.rpm

SHA-256: 06138c218f3590f6cd2a9cd630e7034f5fac29ceac1fda8bf1c3550866a4f43f

dotnet5.0-debugsource-5.0.211-1.el8_5.x86_64.rpm

SHA-256: 82a1618c14910fc2e063858b097fb9911df67904595df41e5c8ddc50ed831b4d

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.