Headline
RHSA-2023:4640: Red Hat Security Advisory: .NET 6.0 security update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution.
- CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service.
Synopsis
Important: .NET 6.0 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
- dotnet: RCE under dotnet commands (CVE-2023-35390)
- dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64
Fixes
- BZ - 2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack
- BZ - 2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
dotnet6.0-6.0.121-1.el8_6.src.rpm
SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de
x86_64
aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 510bb023064d052566590e914421dfddfa6d81f74b7b6070fa147d15c618d901
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: a6383dbb7d5ee6a3ed3fb446c29d3fc8b6a64dc23e12057a94127f1d65c7a0d3
dotnet-6.0.121-1.el8_6.x86_64.rpm
SHA-256: ac7b7fe4aaba428705e030132ba899dbc923e216ca1c80d0be0f0e337f848a9d
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: a7e478a38e40fe72d2c18a08b7b35172f1f974a73beaee93287df265ebef0a18
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735
dotnet-host-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 5f2788785c83c7372d92b3c353fc0fd62c201371e1f9585f3d95cb6927480198
dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e
dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 70e16fbe2f68a9ae16eeb792a895a8661eb7ca13af14387800b583dcef136799
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c
dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: dbdbc81028f82fc29d655c03a63699ed96165f35e7c20ec4c5137706e807a7b9
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7
dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4bb0bbd59809b75566dfbabe785d044f983a76839556d416d1353af1119e2512
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: bcdf519359dbcff876199c404c77e9d545a37f33ba1da2b76fad7db5f84ac1ec
dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 60da87dddf56e0c8e16ad887667791aa5db4cff85371468e5f0ad3b36fdbed35
dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3
dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 1ec0e60b1d467964751c24bed9f9d1cd32528929eee5b82451e9383440115f9f
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
dotnet6.0-6.0.121-1.el8_6.src.rpm
SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de
x86_64
aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 510bb023064d052566590e914421dfddfa6d81f74b7b6070fa147d15c618d901
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: a6383dbb7d5ee6a3ed3fb446c29d3fc8b6a64dc23e12057a94127f1d65c7a0d3
dotnet-6.0.121-1.el8_6.x86_64.rpm
SHA-256: ac7b7fe4aaba428705e030132ba899dbc923e216ca1c80d0be0f0e337f848a9d
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: a7e478a38e40fe72d2c18a08b7b35172f1f974a73beaee93287df265ebef0a18
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735
dotnet-host-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 5f2788785c83c7372d92b3c353fc0fd62c201371e1f9585f3d95cb6927480198
dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e
dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 70e16fbe2f68a9ae16eeb792a895a8661eb7ca13af14387800b583dcef136799
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c
dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: dbdbc81028f82fc29d655c03a63699ed96165f35e7c20ec4c5137706e807a7b9
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7
dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4bb0bbd59809b75566dfbabe785d044f983a76839556d416d1353af1119e2512
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: bcdf519359dbcff876199c404c77e9d545a37f33ba1da2b76fad7db5f84ac1ec
dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 60da87dddf56e0c8e16ad887667791aa5db4cff85371468e5f0ad3b36fdbed35
dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3
dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 1ec0e60b1d467964751c24bed9f9d1cd32528929eee5b82451e9383440115f9f
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
dotnet6.0-6.0.121-1.el8_6.src.rpm
SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de
s390x
aspnetcore-runtime-6.0-6.0.21-1.el8_6.s390x.rpm
SHA-256: 03bf284488804bb65a30674c73363c2e417456077f1a5c87f3d88fbb3a627bc5
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.s390x.rpm
SHA-256: 9cc2a2142a263a06fadaf9788e6bac4e95b53ad2644313980bba560451f3a583
dotnet-6.0.121-1.el8_6.s390x.rpm
SHA-256: 0d89b3908916696ce1912fc3d0281c079c549863b5910f897c6ce6a1e2721153
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.s390x.rpm
SHA-256: b788290dbb7e3448d0d38b75c1f5e12cb546a09e90a7926fcea03be921cbc993
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm
SHA-256: 17027c5b457d513eb0095dd4124b14931b103bf20d40d1ab2f504814577609e6
dotnet-host-6.0.21-1.el8_6.s390x.rpm
SHA-256: 6a0e6ef8f8240bff70d30308069c96ab7cd1505c900c6c7b844bc3100061758a
dotnet-host-debuginfo-6.0.21-1.el8_6.s390x.rpm
SHA-256: bc802d0fcecaffb355e2b272f857433c8278b99c51647e6d63811ca53815e8b3
dotnet-hostfxr-6.0-6.0.21-1.el8_6.s390x.rpm
SHA-256: 86a2ad54d906de3bd95cf4f0078c58c4f59af9f702fa272a07c300ebe7d9af71
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm
SHA-256: f4af8d8f4f67ef8512950d610698d4b730b576cebc1f61f4abe1e4a917c6f459
dotnet-runtime-6.0-6.0.21-1.el8_6.s390x.rpm
SHA-256: 9f64123b8b98fb76d3a8fd4d36edb12b9f70b4994298e014f79b79b64b4dc38a
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm
SHA-256: 0a8411a568f5c74cb6cbe412f47868f61d546d5a5590f81d32e096cfa077bb47
dotnet-sdk-6.0-6.0.121-1.el8_6.s390x.rpm
SHA-256: 4f256274f53eb0eb6611459e42aa633e19d54d536ad1e804eacc83dd09cb8a41
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm
SHA-256: 3bdb928e9616dfb979185fa1b490fdfd89757fa16a5108a51f0ef4114305f9b1
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.s390x.rpm
SHA-256: e6ccd8e16f7099d25bbfd31fecea6d36c49b02477e1189ed2303b230d1a89e20
dotnet-templates-6.0-6.0.121-1.el8_6.s390x.rpm
SHA-256: e2b73add6f358688d6fbbdf8557df6ed2d80ab11248c7d99039fb32e7748cc8c
dotnet6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm
SHA-256: ca7f4c07d098e81e1298dd679ec5d9c85e3ec959adcc54c28e95ece8be750d35
dotnet6.0-debugsource-6.0.121-1.el8_6.s390x.rpm
SHA-256: 43133019ea5053043d9d28b389244a61c4f5c6e3cd793832d0425fb92075db74
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.s390x.rpm
SHA-256: 90b3b8aba2f234b042cde1d595eba9fd39b63209903f247481a4ff2044cfbf05
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
dotnet6.0-6.0.121-1.el8_6.src.rpm
SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de
x86_64
aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 510bb023064d052566590e914421dfddfa6d81f74b7b6070fa147d15c618d901
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: a6383dbb7d5ee6a3ed3fb446c29d3fc8b6a64dc23e12057a94127f1d65c7a0d3
dotnet-6.0.121-1.el8_6.x86_64.rpm
SHA-256: ac7b7fe4aaba428705e030132ba899dbc923e216ca1c80d0be0f0e337f848a9d
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: a7e478a38e40fe72d2c18a08b7b35172f1f974a73beaee93287df265ebef0a18
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735
dotnet-host-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 5f2788785c83c7372d92b3c353fc0fd62c201371e1f9585f3d95cb6927480198
dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e
dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 70e16fbe2f68a9ae16eeb792a895a8661eb7ca13af14387800b583dcef136799
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c
dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: dbdbc81028f82fc29d655c03a63699ed96165f35e7c20ec4c5137706e807a7b9
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7
dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4bb0bbd59809b75566dfbabe785d044f983a76839556d416d1353af1119e2512
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: bcdf519359dbcff876199c404c77e9d545a37f33ba1da2b76fad7db5f84ac1ec
dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 60da87dddf56e0c8e16ad887667791aa5db4cff85371468e5f0ad3b36fdbed35
dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3
dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 1ec0e60b1d467964751c24bed9f9d1cd32528929eee5b82451e9383440115f9f
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
dotnet6.0-6.0.121-1.el8_6.src.rpm
SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de
aarch64
aspnetcore-runtime-6.0-6.0.21-1.el8_6.aarch64.rpm
SHA-256: 0472375f2b994d6c2706b20dad78b14a155f0d58fbad2818b2a2110dc77f3903
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.aarch64.rpm
SHA-256: e2c51df7d08536918f4567c56ce81534d7ce489e5e2d4942fb6b77bf5e5414aa
dotnet-6.0.121-1.el8_6.aarch64.rpm
SHA-256: af1463488e9cb5f940997604a2e4138bfd469c2d2b242b3be500f7a1a7b37641
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.aarch64.rpm
SHA-256: 4acf4c8a751457f896628fbc7c29d7539b4f56068b5113e5b51eeb6de6150470
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm
SHA-256: 72bcafc6085c0825c33c2d37cfbc6b97a1881bff9d09ad96f9c3a1bbb63a02b2
dotnet-host-6.0.21-1.el8_6.aarch64.rpm
SHA-256: a9660d07a19c7d25ccd25e93bcaa0c07dacb043b82280d7d0873811064dc807b
dotnet-host-debuginfo-6.0.21-1.el8_6.aarch64.rpm
SHA-256: 424e3b6f85f3dc3b76511fac36728554fcb1da750e95b93b6ea1d491cf3d0ab6
dotnet-hostfxr-6.0-6.0.21-1.el8_6.aarch64.rpm
SHA-256: adbcefead1dec7b3d5765ceec6291409b4c8fd11b7bb1e5914577ef5ffdc5c4c
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm
SHA-256: ed9dc8862d6fe8cd23f02a8a59d60536474422ca214c29aa3064be9d0248dc2f
dotnet-runtime-6.0-6.0.21-1.el8_6.aarch64.rpm
SHA-256: 460df4b86f51d483aee2bf5a73e566d2039d542a8641e52cd60bcc326a5ed391
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm
SHA-256: efdf45c2eef9911583ddd4ada53ee53c3d1e7ffe587f788ef10907a048d6e8d9
dotnet-sdk-6.0-6.0.121-1.el8_6.aarch64.rpm
SHA-256: e0e5c0759ee1c0106405296eba8a5802634e3ff746abede16ac3dbdf51c37c00
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm
SHA-256: 9ab3f230b2a6efa1766d60ee7aaf8cf2622e84c657052df32b544e04cb168901
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.aarch64.rpm
SHA-256: 87adfb2fefbfefc455c332a22942b31988158d0975e53bd94aeed6c333301019
dotnet-templates-6.0-6.0.121-1.el8_6.aarch64.rpm
SHA-256: 5d79ace56de6a7cf80ffbea48441d9a74ce15dea73011fd9860e184ac83375bb
dotnet6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm
SHA-256: 398d479177e9999baa7cc30c11151f374f651a650e98c383d065f1054c0b808a
dotnet6.0-debugsource-6.0.121-1.el8_6.aarch64.rpm
SHA-256: 31d98555da6cfc19602aacb9fac322f77fd3dcd6200f0bfcca87c73d5beb425c
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.aarch64.rpm
SHA-256: a622e2f074b92f8e5eff7c747ddf93321577aaeeee4031b4ea0d49c7b52d625b
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
dotnet6.0-6.0.121-1.el8_6.src.rpm
SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de
x86_64
aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 510bb023064d052566590e914421dfddfa6d81f74b7b6070fa147d15c618d901
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: a6383dbb7d5ee6a3ed3fb446c29d3fc8b6a64dc23e12057a94127f1d65c7a0d3
dotnet-6.0.121-1.el8_6.x86_64.rpm
SHA-256: ac7b7fe4aaba428705e030132ba899dbc923e216ca1c80d0be0f0e337f848a9d
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: a7e478a38e40fe72d2c18a08b7b35172f1f974a73beaee93287df265ebef0a18
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735
dotnet-host-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 5f2788785c83c7372d92b3c353fc0fd62c201371e1f9585f3d95cb6927480198
dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e
dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 70e16fbe2f68a9ae16eeb792a895a8661eb7ca13af14387800b583dcef136799
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c
dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: dbdbc81028f82fc29d655c03a63699ed96165f35e7c20ec4c5137706e807a7b9
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7
dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4bb0bbd59809b75566dfbabe785d044f983a76839556d416d1353af1119e2512
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm
SHA-256: bcdf519359dbcff876199c404c77e9d545a37f33ba1da2b76fad7db5f84ac1ec
dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 60da87dddf56e0c8e16ad887667791aa5db4cff85371468e5f0ad3b36fdbed35
dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3
dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 1ec0e60b1d467964751c24bed9f9d1cd32528929eee5b82451e9383440115f9f
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6
SRPM
x86_64
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735
dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm
SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.x86_64.rpm
SHA-256: a64ac65f957c84379f6f4f63e842f0bb2240bd22792e212f5f3c78bc59fd639c
dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3
dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm
SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6
SRPM
s390x
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm
SHA-256: 17027c5b457d513eb0095dd4124b14931b103bf20d40d1ab2f504814577609e6
dotnet-host-debuginfo-6.0.21-1.el8_6.s390x.rpm
SHA-256: bc802d0fcecaffb355e2b272f857433c8278b99c51647e6d63811ca53815e8b3
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm
SHA-256: f4af8d8f4f67ef8512950d610698d4b730b576cebc1f61f4abe1e4a917c6f459
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm
SHA-256: 0a8411a568f5c74cb6cbe412f47868f61d546d5a5590f81d32e096cfa077bb47
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm
SHA-256: 3bdb928e9616dfb979185fa1b490fdfd89757fa16a5108a51f0ef4114305f9b1
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.s390x.rpm
SHA-256: 30e1963b851247d98b5abf15cf3f98e22e8bdef0e53996e699882b87b7d24e5c
dotnet6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm
SHA-256: ca7f4c07d098e81e1298dd679ec5d9c85e3ec959adcc54c28e95ece8be750d35
dotnet6.0-debugsource-6.0.121-1.el8_6.s390x.rpm
SHA-256: 43133019ea5053043d9d28b389244a61c4f5c6e3cd793832d0425fb92075db74
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6
SRPM
aarch64
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm
SHA-256: 72bcafc6085c0825c33c2d37cfbc6b97a1881bff9d09ad96f9c3a1bbb63a02b2
dotnet-host-debuginfo-6.0.21-1.el8_6.aarch64.rpm
SHA-256: 424e3b6f85f3dc3b76511fac36728554fcb1da750e95b93b6ea1d491cf3d0ab6
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm
SHA-256: ed9dc8862d6fe8cd23f02a8a59d60536474422ca214c29aa3064be9d0248dc2f
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm
SHA-256: efdf45c2eef9911583ddd4ada53ee53c3d1e7ffe587f788ef10907a048d6e8d9
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm
SHA-256: 9ab3f230b2a6efa1766d60ee7aaf8cf2622e84c657052df32b544e04cb168901
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.aarch64.rpm
SHA-256: 0eaf6372d66a2be7c4b7811e531f8a09ba37a9832901464c95ed0721cc418afe
dotnet6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm
SHA-256: 398d479177e9999baa7cc30c11151f374f651a650e98c383d065f1054c0b808a
dotnet6.0-debugsource-6.0.121-1.el8_6.aarch64.rpm
SHA-256: 31d98555da6cfc19602aacb9fac322f77fd3dcd6200f0bfcca87c73d5beb425c
Related news
Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an answer to the question of how my Vulnerability Management month went. A retrospection of some kind. Alternative video link (for Russia): https://vk.com/video-149273431_456239134 GitHub exploits and Vulristics This month I made some improvements […]
Red Hat Security Advisory 2023-4640-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4645-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4643-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4639-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4642-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4644-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4641-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...
Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.
Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It
Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.
Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.
# Microsoft Security Advisory CVE-2023-35390: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists when some dotnet commands are used in directories with weaker permissions which can result in remote code execution. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/266 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0.1xx SDK 7.0.109 or earlier. * Any .NET 7.0.3xx SDK 7.0.306 or earlier. * Any .NET 6.0.1xx SDK 6.0.120 or earlier. * Any .NET 6.0.3xx SDK 6.0.315 or earlier. * A...
# Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/269 ### <a name="mitigation-factors"></a>Mitigation factors If your application is running behind a reverse proxy, or Web Application Firewall, which has its own mitigations against HTTP based attacks this issue may be mitigated by the proxy or WAF ## <a name="affected-software"></a>Affected software * Any .NET 7.0 applicat...
Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.
The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability