Headline
RHSA-2022:0832: Red Hat Security Advisory: .NET 6.0 on RHEL 7 security and bugfix update
An update for .NET 6.0 is now available for .NET on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-24464: dotnet: ASP.NET Denial of Service via FormPipeReader
- CVE-2022-24512: dotnet: double parser stack buffer overrun
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
- Red Hat CodeReady Studio
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-03-10
Updated:
2022-03-10
RHSA-2022:0832 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: .NET 6.0 on RHEL 7 security and bugfix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET 6.0 is now available for .NET on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 6.0.103 and .NET Runtime 6.0.3.
Security Fix(es):
- dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
- dotnet: double parser stack buffer overrun (CVE-2022-24512)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- dotNET on RHEL (for RHEL Server) 1 x86_64
- dotNET on RHEL (for RHEL Workstation) 1 x86_64
- dotNET on RHEL (for RHEL Compute Node) 1 x86_64
Fixes
- BZ - 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader
- BZ - 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun
dotNET on RHEL (for RHEL Server) 1
SRPM
rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
SHA-256: a3442bf4ff164ace921fde14a8e82a54212bfe05dcee8b69ceb0eccf783fa633
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 39fb1cbf89d85ad2e9046de2f60707345d4756241c18e6b7ea267baf682d14eb
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 1b887c922ddf5fd9493fade36cd20cc20a596e2e9637a4989491d18da9de7652
rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm
SHA-256: e045be22065b1c7ffcdbba115ac993c453d5b67a3e4258c27d0adb65d330ea5f
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 1f5ef0c0618d4746bc5d0e75d02e83c7f6c00df5428cc9c8fa07fc73047bafbb
rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm
SHA-256: e0b4978d55c797d063b99781d3e1542c7803ae76399082a86d4c13f596b01bd8
rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm
SHA-256: a53bc2d4948b7ac96a07f565f2b5d7e56277f4e9d286a5a86492b651d113a48a
rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: d5c97a1f7b6b92b70b3228c375dadc6489ad975134c24da840167029ebcf2ab8
rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 82e6b20c1fa663b6485869d92b5dafcc979d2e186eebe085f824645308404731
rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 192d9051ba33c35aa137d095c9d8d8d012749139810b091ec50426f023bb917f
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm
SHA-256: f939758d5f796332b5035537f6330457bbbed8efd33299c898a9abf7620dcf1a
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: eb2828112e3876d07b26b97f89a2ae70d48459ab0da69d2fef652b1f91685555
rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 9287989b3b61d68dbae0a5739c3c7767248c513591956be12e4abb9a393254be
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 84b17c22e376ebef01cbdb54c1a43177d05de0d720ddea7beb51d2b6710eed91
dotNET on RHEL (for RHEL Workstation) 1
SRPM
rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
SHA-256: a3442bf4ff164ace921fde14a8e82a54212bfe05dcee8b69ceb0eccf783fa633
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 39fb1cbf89d85ad2e9046de2f60707345d4756241c18e6b7ea267baf682d14eb
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 1b887c922ddf5fd9493fade36cd20cc20a596e2e9637a4989491d18da9de7652
rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm
SHA-256: e045be22065b1c7ffcdbba115ac993c453d5b67a3e4258c27d0adb65d330ea5f
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 1f5ef0c0618d4746bc5d0e75d02e83c7f6c00df5428cc9c8fa07fc73047bafbb
rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm
SHA-256: e0b4978d55c797d063b99781d3e1542c7803ae76399082a86d4c13f596b01bd8
rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm
SHA-256: a53bc2d4948b7ac96a07f565f2b5d7e56277f4e9d286a5a86492b651d113a48a
rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: d5c97a1f7b6b92b70b3228c375dadc6489ad975134c24da840167029ebcf2ab8
rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 82e6b20c1fa663b6485869d92b5dafcc979d2e186eebe085f824645308404731
rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 192d9051ba33c35aa137d095c9d8d8d012749139810b091ec50426f023bb917f
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm
SHA-256: f939758d5f796332b5035537f6330457bbbed8efd33299c898a9abf7620dcf1a
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: eb2828112e3876d07b26b97f89a2ae70d48459ab0da69d2fef652b1f91685555
rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 9287989b3b61d68dbae0a5739c3c7767248c513591956be12e4abb9a393254be
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 84b17c22e376ebef01cbdb54c1a43177d05de0d720ddea7beb51d2b6710eed91
dotNET on RHEL (for RHEL Compute Node) 1
SRPM
rh-dotnet60-dotnet-6.0.103-3.el7_9.src.rpm
SHA-256: a3442bf4ff164ace921fde14a8e82a54212bfe05dcee8b69ceb0eccf783fa633
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 39fb1cbf89d85ad2e9046de2f60707345d4756241c18e6b7ea267baf682d14eb
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 1b887c922ddf5fd9493fade36cd20cc20a596e2e9637a4989491d18da9de7652
rh-dotnet60-dotnet-6.0.103-3.el7_9.x86_64.rpm
SHA-256: e045be22065b1c7ffcdbba115ac993c453d5b67a3e4258c27d0adb65d330ea5f
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 1f5ef0c0618d4746bc5d0e75d02e83c7f6c00df5428cc9c8fa07fc73047bafbb
rh-dotnet60-dotnet-debuginfo-6.0.103-3.el7_9.x86_64.rpm
SHA-256: e0b4978d55c797d063b99781d3e1542c7803ae76399082a86d4c13f596b01bd8
rh-dotnet60-dotnet-host-6.0.3-3.el7_9.x86_64.rpm
SHA-256: a53bc2d4948b7ac96a07f565f2b5d7e56277f4e9d286a5a86492b651d113a48a
rh-dotnet60-dotnet-hostfxr-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: d5c97a1f7b6b92b70b3228c375dadc6489ad975134c24da840167029ebcf2ab8
rh-dotnet60-dotnet-runtime-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: 82e6b20c1fa663b6485869d92b5dafcc979d2e186eebe085f824645308404731
rh-dotnet60-dotnet-sdk-6.0-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 192d9051ba33c35aa137d095c9d8d8d012749139810b091ec50426f023bb917f
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.103-3.el7_9.x86_64.rpm
SHA-256: f939758d5f796332b5035537f6330457bbbed8efd33299c898a9abf7620dcf1a
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.3-3.el7_9.x86_64.rpm
SHA-256: eb2828112e3876d07b26b97f89a2ae70d48459ab0da69d2fef652b1f91685555
rh-dotnet60-dotnet-templates-6.0-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 9287989b3b61d68dbae0a5739c3c7767248c513591956be12e4abb9a393254be
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.103-3.el7_9.x86_64.rpm
SHA-256: 84b17c22e376ebef01cbdb54c1a43177d05de0d720ddea7beb51d2b6710eed91
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.