RHSA-2022:0830: Red Hat Security Advisory: .NET 5.0 security and bugfix update

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-8927: brotli: buffer overflow when input chunk is larger than 2GiB
  • CVE-2022-24464: dotnet: ASP.NET Denial of Service via FormPipeReader
  • CVE-2022-24512: dotnet: double parser stack buffer overrun
Red Hat Security Data

Issued:

2022-03-10

Updated:

2022-03-10

RHSA-2022:0830 - Security Advisory

Synopsis

Important: .NET 5.0 security and bugfix update

Type/Severity

Security Advisory: Important

Topic

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.212 and .NET Runtime 5.0.15.

Security Fix(es):

  • dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
  • dotnet: double parser stack buffer overrun (CVE-2022-24512)
  • brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64

Fixes

  • BZ - 1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB
  • BZ - 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader
  • BZ - 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun

CVE

  • CVE-2020-8927
  • CVE-2022-24464
  • CVE-2022-24512

References

  • https://access.redhat.com/security/updates/classification/#important

Red Hat Enterprise Linux for x86_64 8

SRPM

dotnet5.0-5.0.212-1.el8_5.src.rpm

x86_64

aspnetcore-runtime-5.0-5.0.15-1.el8_5.x86_64.rpm

aspnetcore-targeting-pack-5.0-5.0.15-1.el8_5.x86_64.rpm

dotnet-apphost-pack-5.0-5.0.15-1.el8_5.x86_64.rpm

dotnet-apphost-pack-5.0-debuginfo-5.0.15-1.el8_5.x86_64.rpm

dotnet-hostfxr-5.0-5.0.15-1.el8_5.x86_64.rpm

dotnet-hostfxr-5.0-debuginfo-5.0.15-1.el8_5.x86_64.rpm

dotnet-runtime-5.0-5.0.15-1.el8_5.x86_64.rpm

dotnet-runtime-5.0-debuginfo-5.0.15-1.el8_5.x86_64.rpm

dotnet-sdk-5.0-5.0.212-1.el8_5.x86_64.rpm

dotnet-sdk-5.0-debuginfo-5.0.212-1.el8_5.x86_64.rpm

dotnet-targeting-pack-5.0-5.0.15-1.el8_5.x86_64.rpm

dotnet-templates-5.0-5.0.212-1.el8_5.x86_64.rpm

dotnet5.0-debuginfo-5.0.212-1.el8_5.x86_64.rpm

dotnet5.0-debugsource-5.0.212-1.el8_5.x86_64.rpm

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

dotnet-apphost-pack-5.0-debuginfo-5.0.15-1.el8_5.x86_64.rpm

dotnet-hostfxr-5.0-debuginfo-5.0.15-1.el8_5.x86_64.rpm

dotnet-runtime-5.0-debuginfo-5.0.15-1.el8_5.x86_64.rpm

dotnet-sdk-5.0-debuginfo-5.0.212-1.el8_5.x86_64.rpm

dotnet-sdk-5.0-source-built-artifacts-5.0.212-1.el8_5.x86_64.rpm

dotnet5.0-debuginfo-5.0.212-1.el8_5.x86_64.rpm

dotnet5.0-debugsource-5.0.212-1.el8_5.x86_64.rpm

The Red Hat security contact is [email protected]. More contact details are available at https://access.redhat.com/security/team/contact/.
