Headline
RHSA-2022:7826: Red Hat Security Advisory: dotnet7.0 security, bug fix, and enhancement update
An update for dotnet7.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-41032: dotnet: Nuget cache poisoning on Linux via world-writable cache directory
Synopsis
Moderate: dotnet7.0 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for dotnet7.0 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.100 RC 2 and .NET Runtime 7.0.0 RC 2.
The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.100). (BZ#2134642).
Security Fix(es):
- dotnet: Nuget cache poisoning on Linux via world-writable cache directory (CVE-2022-41032)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for Power, little endian 8 ppc64le
- Red Hat CodeReady Linux Builder for ARM 64 8 aarch64
- Red Hat CodeReady Linux Builder for IBM z Systems 8 s390x
Fixes
- BZ - 2132614 - CVE-2022-41032 dotnet: Nuget cache poisoning on Linux via world-writable cache directory
- BZ - 2134642 - Update .NET 7 to RC 2 [rhel-8.7.0.z]
Red Hat Enterprise Linux for x86_64 8
SRPM
dotnet7.0-7.0.100-0.4.rc2.el8_7.src.rpm
SHA-256: c81fd940d7e1108d872fddd88e1507aec57825735c3e12d21a5f118fa2f03754
x86_64
aspnetcore-runtime-7.0-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: d048f075031f7469cacbc5053c614faf8f67428e79b414ecbc4ae177f3592e30
aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 593596aa401e181d4a081394c1f059f8d9f694e602e1f462a6c4524fecbc72f2
dotnet-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: eebc65934e3814516a7e282cf83cba316fefb44acf368a6fdbae3ad8c6947b49
dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 3234d3b30d639db797e068814cc7c3881d28e33cd597c9586a518d57ddc9ce4c
dotnet-apphost-pack-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: f325aa9bc552361101c63f4680aba64c1556bdf340db2ff975fadeedb7696b22
dotnet-host-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: c85819cbec77aeca9c6c675d2aa5435513ae7f5f343bfb74950f4cf51bc8a049
dotnet-host-debuginfo-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: e283b95fa9c6a9d7716be141adb19c61e23b3cad1a12cee6b4c238c4fce1d4ce
dotnet-hostfxr-7.0-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 94fd19d5bd59240d0a2999a61fe03394efbc588dd17cf625a701ef0c8eb4c840
dotnet-hostfxr-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 740215fb3e0219dc0aab9802b38ca1ef18b65dc731d224da6cc9b2c01d49a4bd
dotnet-runtime-7.0-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 2d09e0b1b0c17ac56021e81bdd5069fa895ba1e8265d51817c71d51242330d23
dotnet-runtime-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 3a59f61da2bc32d634e0549854a4fed00c7522d3b0a81c1fa9d514fcebab627d
dotnet-sdk-7.0-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: acb6df28132084a5ce4e652ae8261b04182b43317c552d02604a70f40efa60b4
dotnet-sdk-7.0-debuginfo-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 8085305404fe368641e4f79e32916909eb9a230b1ee066bccd3bbf139a634ef6
dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 4dbb1d895983e5b61de87650511e8cad3ab673f99501f60ce5564031eef601e9
dotnet-templates-7.0-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 772646ca83c8a14d62fe7916f12e656ad3ee409195d7dd3498ac8b11ee52fb81
dotnet7.0-debuginfo-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 6a7e4b02e11156f07a10f3cdb062e7e2dd2c68482eaefa7e851e67caab5719c5
dotnet7.0-debugsource-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 6fe95eb5cd46162cbd2ea8d8f638b6407e54131e3ed11faf7046142f90a53a28
netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 4a7e8f3c96ebb9d47e3abe22afd1e95e4153da91f443adb4a0cbe45f6e39e80b
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
dotnet7.0-7.0.100-0.4.rc2.el8_7.src.rpm
SHA-256: c81fd940d7e1108d872fddd88e1507aec57825735c3e12d21a5f118fa2f03754
s390x
aspnetcore-runtime-7.0-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: be3c1aa1814e614c5943dff048ce4bd56b746a670645965881b0f7a329cf29c4
aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: a2eff04a4c45b321c20bab7d4e6fa6827518d6a87a08ac99f755c10d26a7496c
dotnet-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 24ba066c69e165579d659b54eff64b7d2765719ae0688f4a0240aa2443f352ce
dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 842bf62b7cef56752b94bc35310ba374c99c48e971014aae8f921e8e9ffc607e
dotnet-apphost-pack-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 3c3a2cf0807e547d30198d0a0dfff8d17c5a5a41af87dd47468344c1fa103da4
dotnet-host-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 966dbb4405293d75f583b19a796a1256e20afd4206b8dae59648ededd2787e16
dotnet-host-debuginfo-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 0f673f89bac462f0e15a40a46af09d23181f118b5bc546b3bbe16672a3cfefb7
dotnet-hostfxr-7.0-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 90f9924f542439849384db994c2bf7b5b532d8cf4a09856969e70d8474166a30
dotnet-hostfxr-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 30c7062ea147ef0deb12c061a2d756c46ce6718f1bdaf8561fe2995777776af0
dotnet-runtime-7.0-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 2a3cd569a46e45938d4c97fad98dc17454cb7fad66aef05ade64e145a4d564cc
dotnet-runtime-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 9f8a5f675acc1b59eaa54d20a930cc64fb53c0027bc4f465efb01f719e9a605e
dotnet-sdk-7.0-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: dee1e763bd38a7722596f2ba5e15e908bdac98375e7d3f0b4f27009f0317739d
dotnet-sdk-7.0-debuginfo-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 3ca6e684c1d94eb6d2ceb3d07c3f79301353fb9f3c3902787358cac202624b9d
dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 49efaba30e9f2fff90fa654495e617b28a0f82358e97e1dead9f6c7bf74ee12c
dotnet-templates-7.0-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 9aaff2448d568447a51604eacd9a124413421702e020a24ba80d45b6698088b9
dotnet7.0-debuginfo-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 7e75a542bc90edd5d03dde2c4384ab4818c9d9c819c5c9d5dd0a078df5d9b07c
dotnet7.0-debugsource-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 88a2360f49ae9167b35c4744815c0cd2def2d50eba5aa25bf5cce322ba8e24ff
netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 9b21b791b9ec0553deea177eacbd15dba147a3871de8aa4f9d4171441936d413
Red Hat Enterprise Linux for Power, little endian 8
SRPM
dotnet7.0-7.0.100-0.4.rc2.el8_7.src.rpm
SHA-256: c81fd940d7e1108d872fddd88e1507aec57825735c3e12d21a5f118fa2f03754
ppc64le
aspnetcore-runtime-7.0-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: e7804749e230e6485a83a3522da69665bfceedcb5b9cd19f546b8dd4cd42aff8
aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 47d7500bebf51f780a74cf7a27a627ffdb4ce2d0f627305226799c0dd490b1e8
dotnet-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 9bd0892f7a6ba503667fd6f102ac9cd3a1a747640b64267029fb283e0a481275
dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: a89e8000d12fbd20bf5fd7786ac5cffe9a9d0a05a03d313a88ec0d06946339f4
dotnet-apphost-pack-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: e47c6c92ea6db0ed41a06c58a379d2ca18b6973db0c88e0f92db15e177c22f2e
dotnet-host-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 1de43a5a1e5293de8e1ca8ba61eb45bac53975f62e791a46caf7503b2a7ed87a
dotnet-host-debuginfo-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 0747a8d6a2e8143a4f583fb6e9f24f06d13af7ec56c77fc83813582dc452e9a8
dotnet-hostfxr-7.0-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 94581321c27f919467396dfb581a808b189f3b897bfa7bd487d1e1b689bd6ec0
dotnet-hostfxr-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: e4f7343df6556d5e3cae4e9910a02c4f6ad41aa9e7fa0d711d5e3fe9c038607e
dotnet-runtime-7.0-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 674dfb5f8a58a2761fe4c298563387b6ad3b6082c04b902b3b60c3ff8a2c38f9
dotnet-runtime-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: f3dfda9e615e51612c377e706cf4b1aa64795b2339fe94f96312a097c26e3ce9
dotnet-sdk-7.0-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 8be511ac1a429724089dbb1df7212b1e28f59ee381b5bd23bad055a372211f9a
dotnet-sdk-7.0-debuginfo-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 745b688a027a23ac9a09817cf3738bebb0c3f3bdd9a77757bcf109de374e113e
dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 16453b4152ab8098265594d71165c3c8a3a6f709a34fcee4cc8da0c51baba35c
dotnet-templates-7.0-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 6ae328683a61a7406ec2ec7cf58c990cbc8e7284c062907c89a786955110bcab
dotnet7.0-debuginfo-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 3e774a6f5bd9f4f12aa1fb751c8b41e41bcdd3694636ff51886d1e6ad0fb812d
dotnet7.0-debugsource-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: a311234c81fdf4813e7a9756aee2fff7ade4c4e7a56d0eb9dbdbaffb3a9b91e2
netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 81eeb56c0997baf1c6333535c0a5a4eee8891d977938cece4415c250f21410e3
Red Hat Enterprise Linux for ARM 64 8
SRPM
dotnet7.0-7.0.100-0.4.rc2.el8_7.src.rpm
SHA-256: c81fd940d7e1108d872fddd88e1507aec57825735c3e12d21a5f118fa2f03754
aarch64
aspnetcore-runtime-7.0-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 8faf91209d5ec9c25d920885101c7619ee5fadc5733ffa23e433c43570cb8e8c
aspnetcore-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: cbbb138eb1d3397b8725a13acfe17e4695ff6d72c24a96df636bccf50e56ef0b
dotnet-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: b4c7dddc560b2f74c0d85c38bd69c35da02794c14927a5294ecbcd1f463a2b72
dotnet-apphost-pack-7.0-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: f170e5e76c83a130f21cabf9b1093cd75db0738acbf15821c7450eb3643c9a9f
dotnet-apphost-pack-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: a0f32b57f19abe335c7e66279e116359b776d632e6e581fbd59f75a958af890a
dotnet-host-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: a2644ad6ff2252be0f4da550c9eb9b2675e0113ad71f2e107662635fc9285a60
dotnet-host-debuginfo-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 7414f32e0460db5fa9a10338e4af1b6da522fc48ada12d712fbb048e4ac2c27f
dotnet-hostfxr-7.0-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 742c4195c6a74ad50aa5c28bde6cdd9f4e5526179224e99298cbd37fc209dd42
dotnet-hostfxr-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 4984c6fd0b6c7223c11512055e04c3ca102c196f64768c1e656540858f08589b
dotnet-runtime-7.0-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 32b1f62cb93ba487ebdd1c277353d59fd14953cdc8e5db9054ea9e89cb4a67e6
dotnet-runtime-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: edd9433c18dd0f88c4b3fed73a1471e69b28b2ffbdb782b793523620017fb825
dotnet-sdk-7.0-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 97e892fd7907a7c24ab382298f2fb9ebc96a12093a185d22452df2d1f9275e79
dotnet-sdk-7.0-debuginfo-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 07f8092910b10bdefc85db09e5051774758972cd91cb4705f27af39725f81eff
dotnet-targeting-pack-7.0-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 8224e47769e2d1db968d3a1345e07c349c9dbadf8f6e28d96fd082726469b661
dotnet-templates-7.0-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 7cb0b47736a19858decee9a0442a635df2fd84b208a11f964b4e1bf4461cca62
dotnet7.0-debuginfo-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 9fc7391dd4f11b74c8cf73c9b3fed54e068978a69bfd2cdd429c69177de37a05
dotnet7.0-debugsource-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: dec39312153eafa5083fb78126fedb5a73f93652b670d4b8c9badbe91cc5a70d
netstandard-targeting-pack-2.1-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 27c52d403be9fa1e17c867d822f693f1794cc165adfb4d12ed96ef15c59b046d
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
dotnet-apphost-pack-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: f325aa9bc552361101c63f4680aba64c1556bdf340db2ff975fadeedb7696b22
dotnet-host-debuginfo-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: e283b95fa9c6a9d7716be141adb19c61e23b3cad1a12cee6b4c238c4fce1d4ce
dotnet-hostfxr-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 740215fb3e0219dc0aab9802b38ca1ef18b65dc731d224da6cc9b2c01d49a4bd
dotnet-runtime-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 3a59f61da2bc32d634e0549854a4fed00c7522d3b0a81c1fa9d514fcebab627d
dotnet-sdk-7.0-debuginfo-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 8085305404fe368641e4f79e32916909eb9a230b1ee066bccd3bbf139a634ef6
dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 0565701ab1269cd545902bea3e47a4430b13a49681f272c9d461f6c6fef187fe
dotnet7.0-debuginfo-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 6a7e4b02e11156f07a10f3cdb062e7e2dd2c68482eaefa7e851e67caab5719c5
dotnet7.0-debugsource-7.0.100-0.4.rc2.el8_7.x86_64.rpm
SHA-256: 6fe95eb5cd46162cbd2ea8d8f638b6407e54131e3ed11faf7046142f90a53a28
Red Hat CodeReady Linux Builder for Power, little endian 8
SRPM
ppc64le
dotnet-apphost-pack-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: e47c6c92ea6db0ed41a06c58a379d2ca18b6973db0c88e0f92db15e177c22f2e
dotnet-host-debuginfo-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 0747a8d6a2e8143a4f583fb6e9f24f06d13af7ec56c77fc83813582dc452e9a8
dotnet-hostfxr-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: e4f7343df6556d5e3cae4e9910a02c4f6ad41aa9e7fa0d711d5e3fe9c038607e
dotnet-runtime-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: f3dfda9e615e51612c377e706cf4b1aa64795b2339fe94f96312a097c26e3ce9
dotnet-sdk-7.0-debuginfo-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 745b688a027a23ac9a09817cf3738bebb0c3f3bdd9a77757bcf109de374e113e
dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 7416e5a834e7f3daff06167da01815241d7870f5606c1fa58602e31b7f423fea
dotnet7.0-debuginfo-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: 3e774a6f5bd9f4f12aa1fb751c8b41e41bcdd3694636ff51886d1e6ad0fb812d
dotnet7.0-debugsource-7.0.100-0.4.rc2.el8_7.ppc64le.rpm
SHA-256: a311234c81fdf4813e7a9756aee2fff7ade4c4e7a56d0eb9dbdbaffb3a9b91e2
Red Hat CodeReady Linux Builder for ARM 64 8
SRPM
aarch64
dotnet-apphost-pack-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: a0f32b57f19abe335c7e66279e116359b776d632e6e581fbd59f75a958af890a
dotnet-host-debuginfo-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 7414f32e0460db5fa9a10338e4af1b6da522fc48ada12d712fbb048e4ac2c27f
dotnet-hostfxr-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 4984c6fd0b6c7223c11512055e04c3ca102c196f64768c1e656540858f08589b
dotnet-runtime-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.aarch64.rpm
SHA-256: edd9433c18dd0f88c4b3fed73a1471e69b28b2ffbdb782b793523620017fb825
dotnet-sdk-7.0-debuginfo-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 07f8092910b10bdefc85db09e5051774758972cd91cb4705f27af39725f81eff
dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: f248a76a8cdee91577c20f1af168d4609a51f192b46b72b31a7c048496b20588
dotnet7.0-debuginfo-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: 9fc7391dd4f11b74c8cf73c9b3fed54e068978a69bfd2cdd429c69177de37a05
dotnet7.0-debugsource-7.0.100-0.4.rc2.el8_7.aarch64.rpm
SHA-256: dec39312153eafa5083fb78126fedb5a73f93652b670d4b8c9badbe91cc5a70d
Red Hat CodeReady Linux Builder for IBM z Systems 8
SRPM
s390x
dotnet-apphost-pack-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 3c3a2cf0807e547d30198d0a0dfff8d17c5a5a41af87dd47468344c1fa103da4
dotnet-host-debuginfo-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 0f673f89bac462f0e15a40a46af09d23181f118b5bc546b3bbe16672a3cfefb7
dotnet-hostfxr-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 30c7062ea147ef0deb12c061a2d756c46ce6718f1bdaf8561fe2995777776af0
dotnet-runtime-7.0-debuginfo-7.0.0-0.4.rc2.el8_7.s390x.rpm
SHA-256: 9f8a5f675acc1b59eaa54d20a930cc64fb53c0027bc4f465efb01f719e9a605e
dotnet-sdk-7.0-debuginfo-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 3ca6e684c1d94eb6d2ceb3d07c3f79301353fb9f3c3902787358cac202624b9d
dotnet-sdk-7.0-source-built-artifacts-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: f7ee3bad792768ad1d6fe62adee7245f3c16e1ddf8f9f0882461c20e738a51b8
dotnet7.0-debuginfo-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 7e75a542bc90edd5d03dde2c4384ab4818c9d9c819c5c9d5dd0a078df5d9b07c
dotnet7.0-debugsource-7.0.100-0.4.rc2.el8_7.s390x.rpm
SHA-256: 88a2360f49ae9167b35c4744815c0cd2def2d50eba5aa25bf5cce322ba8e24ff
Related news
Red Hat Security Advisory 2022-8434-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.100 RC 2 and .NET Runtime 7.0.0 RC 2.
An update for dotnet7.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41032: dotnet: Nuget cache poisoning on Linux via world-writable cache directory
Red Hat Security Advisory 2022-6914-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.424 and .NET Runtime 3.1.30.
Red Hat Security Advisory 2022-6911-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10.
Red Hat Security Advisory 2022-6913-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.110 and .NET Runtime 6.0.10.
Ubuntu Security Notice 5670-1 - Edward Thomson discovered that .NET 6 incorrectly handled permissions for local NuGet cache. A local attacker could possibly use this issue to execute arbitrary code.
An update for .NET 6.0 is available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41032: dotnet: Nuget cache poisoning on Linux via world-writable cache directory
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41032: dotnet: Nuget cache poisoning on Linux via world-writable cache directory
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41032: dotnet: Nuget cache poisoning on Linux via world-writable cache directory
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41032: dotnet: Nuget cache poisoning on Linux via world-writable cache directory
## Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0.0-rc, .NET 6.0, .NET Core 3.1, and NuGet (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol). This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 7.0.0-rc.1, .NET 6.0, .NET Core 3.1, and NuGet clients (NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol) where a malicious actor could cause a user to execute arbitrary code. ## Affected software ### NuGet & NuGet Packages - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.3.0 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.2.1 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 6.0.2 version or earlier. - Any NuGet.exe, NuGet.Commands, NuGet.CommandLine, NuGet.Protocol 5.11.2 version or earlier. - Any NuGe...