Headline
RHSA-2022:6057: Red Hat Security Advisory: .NET Core 3.1 security, bug fix, and enhancement update
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-34716: dotnet: External Entity Injection during XML signature verification
Synopsis
Moderate: .NET Core 3.1 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
Security Fix(es):
- dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 8 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
Fixes
- BZ - 2115183 - CVE-2022-34716 dotnet: External Entity Injection during XML signature verification
Red Hat Enterprise Linux for x86_64 8
SRPM
dotnet3.1-3.1.422-1.el8_6.src.rpm
SHA-256: e44f5f1313a3bfdcfc68d7696be3465f9d1aeb9b29d71cd4e5aa146b8d30cdc6
x86_64
aspnetcore-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 8cf2aba3c2fad688115e5dbbaa0ff5a1a0bd8f277cd918121a4c1ea8289d2765
aspnetcore-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 09598bf73fc04267f1bbb0616a0391ebd842f62930100ec0f5088201f85c6644
dotnet-apphost-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: b81cc0cf39d23ccb110eb95f6cb5f4ea1ec9a4e0b697bbabd2cfe6d5c3654972
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 3b9b578f27fc353d0cdb83e51e1b4bb4dc1495ed5a7b4b66daf2f76cdfb6a421
dotnet-hostfxr-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: e269c734114e37812bf9fcace3c944662ec683d8bd4bd278bfae3cccb89fe53d
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0575bea7d62e39c0af00ce492b1e9a3a848b8425fa1c6f05d11de6c22f3e9367
dotnet-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0479b27741878242a16cc02d5e606b0549e29021d1bde6d9e7cd9719604f325a
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 9c416991ebc743c5964675cc7c01b015589d6bbd2c2ae6f350a506eea82abebd
dotnet-sdk-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 842d4c5dd472433a6a66e8588ca83f47a9800ab1db1973fc0af9339d119ec570
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: dfc3316417d9b574c56aa0c8a761fde0cebdf79fe2b0f4bd8b52cc35c71006c5
dotnet-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 80abd470dcdcb1052532eecc9c2ccee93654e9ee61ff5860ea7251d4474fb67a
dotnet-templates-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: e46a3efc717834757ad2389987f9432e4ab2b541a18d9dc890dfb06ff8182510
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 273d3782033c845a367c66b383dc77f831c3676984901801db0e6a208000127c
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 9dc04ffb13745c08db97ee231358c5382b576b8592741258dea9fd6cd83cae86
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
dotnet3.1-3.1.422-1.el8_6.src.rpm
SHA-256: e44f5f1313a3bfdcfc68d7696be3465f9d1aeb9b29d71cd4e5aa146b8d30cdc6
x86_64
aspnetcore-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 8cf2aba3c2fad688115e5dbbaa0ff5a1a0bd8f277cd918121a4c1ea8289d2765
aspnetcore-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 09598bf73fc04267f1bbb0616a0391ebd842f62930100ec0f5088201f85c6644
dotnet-apphost-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: b81cc0cf39d23ccb110eb95f6cb5f4ea1ec9a4e0b697bbabd2cfe6d5c3654972
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 3b9b578f27fc353d0cdb83e51e1b4bb4dc1495ed5a7b4b66daf2f76cdfb6a421
dotnet-hostfxr-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: e269c734114e37812bf9fcace3c944662ec683d8bd4bd278bfae3cccb89fe53d
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0575bea7d62e39c0af00ce492b1e9a3a848b8425fa1c6f05d11de6c22f3e9367
dotnet-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0479b27741878242a16cc02d5e606b0549e29021d1bde6d9e7cd9719604f325a
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 9c416991ebc743c5964675cc7c01b015589d6bbd2c2ae6f350a506eea82abebd
dotnet-sdk-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 842d4c5dd472433a6a66e8588ca83f47a9800ab1db1973fc0af9339d119ec570
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: dfc3316417d9b574c56aa0c8a761fde0cebdf79fe2b0f4bd8b52cc35c71006c5
dotnet-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 80abd470dcdcb1052532eecc9c2ccee93654e9ee61ff5860ea7251d4474fb67a
dotnet-templates-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: e46a3efc717834757ad2389987f9432e4ab2b541a18d9dc890dfb06ff8182510
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 273d3782033c845a367c66b383dc77f831c3676984901801db0e6a208000127c
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 9dc04ffb13745c08db97ee231358c5382b576b8592741258dea9fd6cd83cae86
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
dotnet3.1-3.1.422-1.el8_6.src.rpm
SHA-256: e44f5f1313a3bfdcfc68d7696be3465f9d1aeb9b29d71cd4e5aa146b8d30cdc6
x86_64
aspnetcore-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 8cf2aba3c2fad688115e5dbbaa0ff5a1a0bd8f277cd918121a4c1ea8289d2765
aspnetcore-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 09598bf73fc04267f1bbb0616a0391ebd842f62930100ec0f5088201f85c6644
dotnet-apphost-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: b81cc0cf39d23ccb110eb95f6cb5f4ea1ec9a4e0b697bbabd2cfe6d5c3654972
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 3b9b578f27fc353d0cdb83e51e1b4bb4dc1495ed5a7b4b66daf2f76cdfb6a421
dotnet-hostfxr-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: e269c734114e37812bf9fcace3c944662ec683d8bd4bd278bfae3cccb89fe53d
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0575bea7d62e39c0af00ce492b1e9a3a848b8425fa1c6f05d11de6c22f3e9367
dotnet-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0479b27741878242a16cc02d5e606b0549e29021d1bde6d9e7cd9719604f325a
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 9c416991ebc743c5964675cc7c01b015589d6bbd2c2ae6f350a506eea82abebd
dotnet-sdk-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 842d4c5dd472433a6a66e8588ca83f47a9800ab1db1973fc0af9339d119ec570
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: dfc3316417d9b574c56aa0c8a761fde0cebdf79fe2b0f4bd8b52cc35c71006c5
dotnet-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 80abd470dcdcb1052532eecc9c2ccee93654e9ee61ff5860ea7251d4474fb67a
dotnet-templates-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: e46a3efc717834757ad2389987f9432e4ab2b541a18d9dc890dfb06ff8182510
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 273d3782033c845a367c66b383dc77f831c3676984901801db0e6a208000127c
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 9dc04ffb13745c08db97ee231358c5382b576b8592741258dea9fd6cd83cae86
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
dotnet3.1-3.1.422-1.el8_6.src.rpm
SHA-256: e44f5f1313a3bfdcfc68d7696be3465f9d1aeb9b29d71cd4e5aa146b8d30cdc6
x86_64
aspnetcore-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 8cf2aba3c2fad688115e5dbbaa0ff5a1a0bd8f277cd918121a4c1ea8289d2765
aspnetcore-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 09598bf73fc04267f1bbb0616a0391ebd842f62930100ec0f5088201f85c6644
dotnet-apphost-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: b81cc0cf39d23ccb110eb95f6cb5f4ea1ec9a4e0b697bbabd2cfe6d5c3654972
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 3b9b578f27fc353d0cdb83e51e1b4bb4dc1495ed5a7b4b66daf2f76cdfb6a421
dotnet-hostfxr-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: e269c734114e37812bf9fcace3c944662ec683d8bd4bd278bfae3cccb89fe53d
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0575bea7d62e39c0af00ce492b1e9a3a848b8425fa1c6f05d11de6c22f3e9367
dotnet-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0479b27741878242a16cc02d5e606b0549e29021d1bde6d9e7cd9719604f325a
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 9c416991ebc743c5964675cc7c01b015589d6bbd2c2ae6f350a506eea82abebd
dotnet-sdk-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 842d4c5dd472433a6a66e8588ca83f47a9800ab1db1973fc0af9339d119ec570
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: dfc3316417d9b574c56aa0c8a761fde0cebdf79fe2b0f4bd8b52cc35c71006c5
dotnet-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 80abd470dcdcb1052532eecc9c2ccee93654e9ee61ff5860ea7251d4474fb67a
dotnet-templates-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: e46a3efc717834757ad2389987f9432e4ab2b541a18d9dc890dfb06ff8182510
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 273d3782033c845a367c66b383dc77f831c3676984901801db0e6a208000127c
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 9dc04ffb13745c08db97ee231358c5382b576b8592741258dea9fd6cd83cae86
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
dotnet3.1-3.1.422-1.el8_6.src.rpm
SHA-256: e44f5f1313a3bfdcfc68d7696be3465f9d1aeb9b29d71cd4e5aa146b8d30cdc6
x86_64
aspnetcore-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 8cf2aba3c2fad688115e5dbbaa0ff5a1a0bd8f277cd918121a4c1ea8289d2765
aspnetcore-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 09598bf73fc04267f1bbb0616a0391ebd842f62930100ec0f5088201f85c6644
dotnet-apphost-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: b81cc0cf39d23ccb110eb95f6cb5f4ea1ec9a4e0b697bbabd2cfe6d5c3654972
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 3b9b578f27fc353d0cdb83e51e1b4bb4dc1495ed5a7b4b66daf2f76cdfb6a421
dotnet-hostfxr-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: e269c734114e37812bf9fcace3c944662ec683d8bd4bd278bfae3cccb89fe53d
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0575bea7d62e39c0af00ce492b1e9a3a848b8425fa1c6f05d11de6c22f3e9367
dotnet-runtime-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0479b27741878242a16cc02d5e606b0549e29021d1bde6d9e7cd9719604f325a
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 9c416991ebc743c5964675cc7c01b015589d6bbd2c2ae6f350a506eea82abebd
dotnet-sdk-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 842d4c5dd472433a6a66e8588ca83f47a9800ab1db1973fc0af9339d119ec570
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: dfc3316417d9b574c56aa0c8a761fde0cebdf79fe2b0f4bd8b52cc35c71006c5
dotnet-targeting-pack-3.1-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 80abd470dcdcb1052532eecc9c2ccee93654e9ee61ff5860ea7251d4474fb67a
dotnet-templates-3.1-3.1.422-1.el8_6.x86_64.rpm
SHA-256: e46a3efc717834757ad2389987f9432e4ab2b541a18d9dc890dfb06ff8182510
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 273d3782033c845a367c66b383dc77f831c3676984901801db0e6a208000127c
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 9dc04ffb13745c08db97ee231358c5382b576b8592741258dea9fd6cd83cae86
Red Hat CodeReady Linux Builder for x86_64 8
SRPM
x86_64
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 3b9b578f27fc353d0cdb83e51e1b4bb4dc1495ed5a7b4b66daf2f76cdfb6a421
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0575bea7d62e39c0af00ce492b1e9a3a848b8425fa1c6f05d11de6c22f3e9367
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 9c416991ebc743c5964675cc7c01b015589d6bbd2c2ae6f350a506eea82abebd
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: dfc3316417d9b574c56aa0c8a761fde0cebdf79fe2b0f4bd8b52cc35c71006c5
dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 4432ce3da1ed7d0367c9214daf57b32ed0bfceb06ee6509240b9292a8fc807d8
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 273d3782033c845a367c66b383dc77f831c3676984901801db0e6a208000127c
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 9dc04ffb13745c08db97ee231358c5382b576b8592741258dea9fd6cd83cae86
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6
SRPM
x86_64
dotnet-apphost-pack-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 3b9b578f27fc353d0cdb83e51e1b4bb4dc1495ed5a7b4b66daf2f76cdfb6a421
dotnet-hostfxr-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 0575bea7d62e39c0af00ce492b1e9a3a848b8425fa1c6f05d11de6c22f3e9367
dotnet-runtime-3.1-debuginfo-3.1.28-1.el8_6.x86_64.rpm
SHA-256: 9c416991ebc743c5964675cc7c01b015589d6bbd2c2ae6f350a506eea82abebd
dotnet-sdk-3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: dfc3316417d9b574c56aa0c8a761fde0cebdf79fe2b0f4bd8b52cc35c71006c5
dotnet-sdk-3.1-source-built-artifacts-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 4432ce3da1ed7d0367c9214daf57b32ed0bfceb06ee6509240b9292a8fc807d8
dotnet3.1-debuginfo-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 273d3782033c845a367c66b383dc77f831c3676984901801db0e6a208000127c
dotnet3.1-debugsource-3.1.422-1.el8_6.x86_64.rpm
SHA-256: 9dc04ffb13745c08db97ee231358c5382b576b8592741258dea9fd6cd83cae86
Related news
Red Hat Security Advisory 2022-6057-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
Red Hat Security Advisory 2022-6058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.
Red Hat Security Advisory 2022-6043-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.
Red Hat Security Advisory 2022-6038-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Red Hat Security Advisory 2022-6037-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34716: dotnet: External Entity Injection during XML signature verification
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34716: dotnet: External Entity Injection during XML signature verification
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34716: dotnet: External Entity Injection during XML signature verification
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information. ## Affected software * Any .NET 6.0 application running on .NET 6.0.7 or earlier. * Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier. ## Patches * If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.