Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:4640: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution.
  • CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service.
Red Hat Security Data
Open in Source
#vulnerability#linux#red_hat#dos#rce#ibm#sap

Synopsis

Important: .NET 6.0 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

  • dotnet: RCE under dotnet commands (CVE-2023-35390)
  • dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

  • BZ - 2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack
  • BZ - 2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

dotnet6.0-6.0.121-1.el8_6.src.rpm

SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de

x86_64

aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 510bb023064d052566590e914421dfddfa6d81f74b7b6070fa147d15c618d901

aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: a6383dbb7d5ee6a3ed3fb446c29d3fc8b6a64dc23e12057a94127f1d65c7a0d3

dotnet-6.0.121-1.el8_6.x86_64.rpm

SHA-256: ac7b7fe4aaba428705e030132ba899dbc923e216ca1c80d0be0f0e337f848a9d

dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: a7e478a38e40fe72d2c18a08b7b35172f1f974a73beaee93287df265ebef0a18

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735

dotnet-host-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 5f2788785c83c7372d92b3c353fc0fd62c201371e1f9585f3d95cb6927480198

dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e

dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 70e16fbe2f68a9ae16eeb792a895a8661eb7ca13af14387800b583dcef136799

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c

dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: dbdbc81028f82fc29d655c03a63699ed96165f35e7c20ec4c5137706e807a7b9

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7

dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4bb0bbd59809b75566dfbabe785d044f983a76839556d416d1353af1119e2512

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1

dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: bcdf519359dbcff876199c404c77e9d545a37f33ba1da2b76fad7db5f84ac1ec

dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 60da87dddf56e0c8e16ad887667791aa5db4cff85371468e5f0ad3b36fdbed35

dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3

dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7

netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 1ec0e60b1d467964751c24bed9f9d1cd32528929eee5b82451e9383440115f9f

Red Hat Enterprise Linux Server - AUS 8.6

SRPM

dotnet6.0-6.0.121-1.el8_6.src.rpm

SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de

x86_64

aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 510bb023064d052566590e914421dfddfa6d81f74b7b6070fa147d15c618d901

aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: a6383dbb7d5ee6a3ed3fb446c29d3fc8b6a64dc23e12057a94127f1d65c7a0d3

dotnet-6.0.121-1.el8_6.x86_64.rpm

SHA-256: ac7b7fe4aaba428705e030132ba899dbc923e216ca1c80d0be0f0e337f848a9d

dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: a7e478a38e40fe72d2c18a08b7b35172f1f974a73beaee93287df265ebef0a18

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735

dotnet-host-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 5f2788785c83c7372d92b3c353fc0fd62c201371e1f9585f3d95cb6927480198

dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e

dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 70e16fbe2f68a9ae16eeb792a895a8661eb7ca13af14387800b583dcef136799

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c

dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: dbdbc81028f82fc29d655c03a63699ed96165f35e7c20ec4c5137706e807a7b9

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7

dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4bb0bbd59809b75566dfbabe785d044f983a76839556d416d1353af1119e2512

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1

dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: bcdf519359dbcff876199c404c77e9d545a37f33ba1da2b76fad7db5f84ac1ec

dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 60da87dddf56e0c8e16ad887667791aa5db4cff85371468e5f0ad3b36fdbed35

dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3

dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7

netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 1ec0e60b1d467964751c24bed9f9d1cd32528929eee5b82451e9383440115f9f

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

dotnet6.0-6.0.121-1.el8_6.src.rpm

SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de

s390x

aspnetcore-runtime-6.0-6.0.21-1.el8_6.s390x.rpm

SHA-256: 03bf284488804bb65a30674c73363c2e417456077f1a5c87f3d88fbb3a627bc5

aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.s390x.rpm

SHA-256: 9cc2a2142a263a06fadaf9788e6bac4e95b53ad2644313980bba560451f3a583

dotnet-6.0.121-1.el8_6.s390x.rpm

SHA-256: 0d89b3908916696ce1912fc3d0281c079c549863b5910f897c6ce6a1e2721153

dotnet-apphost-pack-6.0-6.0.21-1.el8_6.s390x.rpm

SHA-256: b788290dbb7e3448d0d38b75c1f5e12cb546a09e90a7926fcea03be921cbc993

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm

SHA-256: 17027c5b457d513eb0095dd4124b14931b103bf20d40d1ab2f504814577609e6

dotnet-host-6.0.21-1.el8_6.s390x.rpm

SHA-256: 6a0e6ef8f8240bff70d30308069c96ab7cd1505c900c6c7b844bc3100061758a

dotnet-host-debuginfo-6.0.21-1.el8_6.s390x.rpm

SHA-256: bc802d0fcecaffb355e2b272f857433c8278b99c51647e6d63811ca53815e8b3

dotnet-hostfxr-6.0-6.0.21-1.el8_6.s390x.rpm

SHA-256: 86a2ad54d906de3bd95cf4f0078c58c4f59af9f702fa272a07c300ebe7d9af71

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm

SHA-256: f4af8d8f4f67ef8512950d610698d4b730b576cebc1f61f4abe1e4a917c6f459

dotnet-runtime-6.0-6.0.21-1.el8_6.s390x.rpm

SHA-256: 9f64123b8b98fb76d3a8fd4d36edb12b9f70b4994298e014f79b79b64b4dc38a

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm

SHA-256: 0a8411a568f5c74cb6cbe412f47868f61d546d5a5590f81d32e096cfa077bb47

dotnet-sdk-6.0-6.0.121-1.el8_6.s390x.rpm

SHA-256: 4f256274f53eb0eb6611459e42aa633e19d54d536ad1e804eacc83dd09cb8a41

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm

SHA-256: 3bdb928e9616dfb979185fa1b490fdfd89757fa16a5108a51f0ef4114305f9b1

dotnet-targeting-pack-6.0-6.0.21-1.el8_6.s390x.rpm

SHA-256: e6ccd8e16f7099d25bbfd31fecea6d36c49b02477e1189ed2303b230d1a89e20

dotnet-templates-6.0-6.0.121-1.el8_6.s390x.rpm

SHA-256: e2b73add6f358688d6fbbdf8557df6ed2d80ab11248c7d99039fb32e7748cc8c

dotnet6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm

SHA-256: ca7f4c07d098e81e1298dd679ec5d9c85e3ec959adcc54c28e95ece8be750d35

dotnet6.0-debugsource-6.0.121-1.el8_6.s390x.rpm

SHA-256: 43133019ea5053043d9d28b389244a61c4f5c6e3cd793832d0425fb92075db74

netstandard-targeting-pack-2.1-6.0.121-1.el8_6.s390x.rpm

SHA-256: 90b3b8aba2f234b042cde1d595eba9fd39b63209903f247481a4ff2044cfbf05

Red Hat Enterprise Linux Server - TUS 8.6

SRPM

dotnet6.0-6.0.121-1.el8_6.src.rpm

SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de

x86_64

aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 510bb023064d052566590e914421dfddfa6d81f74b7b6070fa147d15c618d901

aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: a6383dbb7d5ee6a3ed3fb446c29d3fc8b6a64dc23e12057a94127f1d65c7a0d3

dotnet-6.0.121-1.el8_6.x86_64.rpm

SHA-256: ac7b7fe4aaba428705e030132ba899dbc923e216ca1c80d0be0f0e337f848a9d

dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: a7e478a38e40fe72d2c18a08b7b35172f1f974a73beaee93287df265ebef0a18

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735

dotnet-host-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 5f2788785c83c7372d92b3c353fc0fd62c201371e1f9585f3d95cb6927480198

dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e

dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 70e16fbe2f68a9ae16eeb792a895a8661eb7ca13af14387800b583dcef136799

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c

dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: dbdbc81028f82fc29d655c03a63699ed96165f35e7c20ec4c5137706e807a7b9

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7

dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4bb0bbd59809b75566dfbabe785d044f983a76839556d416d1353af1119e2512

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1

dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: bcdf519359dbcff876199c404c77e9d545a37f33ba1da2b76fad7db5f84ac1ec

dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 60da87dddf56e0c8e16ad887667791aa5db4cff85371468e5f0ad3b36fdbed35

dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3

dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7

netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 1ec0e60b1d467964751c24bed9f9d1cd32528929eee5b82451e9383440115f9f

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

dotnet6.0-6.0.121-1.el8_6.src.rpm

SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de

aarch64

aspnetcore-runtime-6.0-6.0.21-1.el8_6.aarch64.rpm

SHA-256: 0472375f2b994d6c2706b20dad78b14a155f0d58fbad2818b2a2110dc77f3903

aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.aarch64.rpm

SHA-256: e2c51df7d08536918f4567c56ce81534d7ce489e5e2d4942fb6b77bf5e5414aa

dotnet-6.0.121-1.el8_6.aarch64.rpm

SHA-256: af1463488e9cb5f940997604a2e4138bfd469c2d2b242b3be500f7a1a7b37641

dotnet-apphost-pack-6.0-6.0.21-1.el8_6.aarch64.rpm

SHA-256: 4acf4c8a751457f896628fbc7c29d7539b4f56068b5113e5b51eeb6de6150470

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm

SHA-256: 72bcafc6085c0825c33c2d37cfbc6b97a1881bff9d09ad96f9c3a1bbb63a02b2

dotnet-host-6.0.21-1.el8_6.aarch64.rpm

SHA-256: a9660d07a19c7d25ccd25e93bcaa0c07dacb043b82280d7d0873811064dc807b

dotnet-host-debuginfo-6.0.21-1.el8_6.aarch64.rpm

SHA-256: 424e3b6f85f3dc3b76511fac36728554fcb1da750e95b93b6ea1d491cf3d0ab6

dotnet-hostfxr-6.0-6.0.21-1.el8_6.aarch64.rpm

SHA-256: adbcefead1dec7b3d5765ceec6291409b4c8fd11b7bb1e5914577ef5ffdc5c4c

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm

SHA-256: ed9dc8862d6fe8cd23f02a8a59d60536474422ca214c29aa3064be9d0248dc2f

dotnet-runtime-6.0-6.0.21-1.el8_6.aarch64.rpm

SHA-256: 460df4b86f51d483aee2bf5a73e566d2039d542a8641e52cd60bcc326a5ed391

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm

SHA-256: efdf45c2eef9911583ddd4ada53ee53c3d1e7ffe587f788ef10907a048d6e8d9

dotnet-sdk-6.0-6.0.121-1.el8_6.aarch64.rpm

SHA-256: e0e5c0759ee1c0106405296eba8a5802634e3ff746abede16ac3dbdf51c37c00

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm

SHA-256: 9ab3f230b2a6efa1766d60ee7aaf8cf2622e84c657052df32b544e04cb168901

dotnet-targeting-pack-6.0-6.0.21-1.el8_6.aarch64.rpm

SHA-256: 87adfb2fefbfefc455c332a22942b31988158d0975e53bd94aeed6c333301019

dotnet-templates-6.0-6.0.121-1.el8_6.aarch64.rpm

SHA-256: 5d79ace56de6a7cf80ffbea48441d9a74ce15dea73011fd9860e184ac83375bb

dotnet6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm

SHA-256: 398d479177e9999baa7cc30c11151f374f651a650e98c383d065f1054c0b808a

dotnet6.0-debugsource-6.0.121-1.el8_6.aarch64.rpm

SHA-256: 31d98555da6cfc19602aacb9fac322f77fd3dcd6200f0bfcca87c73d5beb425c

netstandard-targeting-pack-2.1-6.0.121-1.el8_6.aarch64.rpm

SHA-256: a622e2f074b92f8e5eff7c747ddf93321577aaeeee4031b4ea0d49c7b52d625b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

dotnet6.0-6.0.121-1.el8_6.src.rpm

SHA-256: 8e546c68220d358b4c2057eba3dec9668c97e7c5c38e88d2398335c7a3c473de

x86_64

aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 510bb023064d052566590e914421dfddfa6d81f74b7b6070fa147d15c618d901

aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: a6383dbb7d5ee6a3ed3fb446c29d3fc8b6a64dc23e12057a94127f1d65c7a0d3

dotnet-6.0.121-1.el8_6.x86_64.rpm

SHA-256: ac7b7fe4aaba428705e030132ba899dbc923e216ca1c80d0be0f0e337f848a9d

dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: a7e478a38e40fe72d2c18a08b7b35172f1f974a73beaee93287df265ebef0a18

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735

dotnet-host-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 5f2788785c83c7372d92b3c353fc0fd62c201371e1f9585f3d95cb6927480198

dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e

dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 70e16fbe2f68a9ae16eeb792a895a8661eb7ca13af14387800b583dcef136799

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c

dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: dbdbc81028f82fc29d655c03a63699ed96165f35e7c20ec4c5137706e807a7b9

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7

dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4bb0bbd59809b75566dfbabe785d044f983a76839556d416d1353af1119e2512

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1

dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm

SHA-256: bcdf519359dbcff876199c404c77e9d545a37f33ba1da2b76fad7db5f84ac1ec

dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 60da87dddf56e0c8e16ad887667791aa5db4cff85371468e5f0ad3b36fdbed35

dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3

dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7

netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 1ec0e60b1d467964751c24bed9f9d1cd32528929eee5b82451e9383440115f9f

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6

SRPM

x86_64

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: afa495f2b05d062953c062bf083c186a125e0facf9cf831195d319e296737735

dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 0369c2f0242982ee05cc94dd7dd05810e5ab7b056344e7bae6febefe6db9691e

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: c2d4b133d850ed48f05d8bbeb346fc99f542e5eb82d6d6d4ed70c46872a2091c

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm

SHA-256: 23d16ba6e0d46512ffe169ba4f403f3fd56dbe988bdd114a2af8fe750bc5f5a7

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 0b74d7db786fb6697a191fa2dd7b425e6ab9036aba7cb58c221e245a02344ae1

dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.x86_64.rpm

SHA-256: a64ac65f957c84379f6f4f63e842f0bb2240bd22792e212f5f3c78bc59fd639c

dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 3caf5a8d59c5abdf565c43f27d156166acd43fae289ec2b1656ab59fd9785cd3

dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm

SHA-256: 4659099826690c9512cccadf383e50662893ef584af1924d82c4da864da0eab7

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6

SRPM

s390x

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm

SHA-256: 17027c5b457d513eb0095dd4124b14931b103bf20d40d1ab2f504814577609e6

dotnet-host-debuginfo-6.0.21-1.el8_6.s390x.rpm

SHA-256: bc802d0fcecaffb355e2b272f857433c8278b99c51647e6d63811ca53815e8b3

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm

SHA-256: f4af8d8f4f67ef8512950d610698d4b730b576cebc1f61f4abe1e4a917c6f459

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm

SHA-256: 0a8411a568f5c74cb6cbe412f47868f61d546d5a5590f81d32e096cfa077bb47

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm

SHA-256: 3bdb928e9616dfb979185fa1b490fdfd89757fa16a5108a51f0ef4114305f9b1

dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.s390x.rpm

SHA-256: 30e1963b851247d98b5abf15cf3f98e22e8bdef0e53996e699882b87b7d24e5c

dotnet6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm

SHA-256: ca7f4c07d098e81e1298dd679ec5d9c85e3ec959adcc54c28e95ece8be750d35

dotnet6.0-debugsource-6.0.121-1.el8_6.s390x.rpm

SHA-256: 43133019ea5053043d9d28b389244a61c4f5c6e3cd793832d0425fb92075db74

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6

SRPM

aarch64

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm

SHA-256: 72bcafc6085c0825c33c2d37cfbc6b97a1881bff9d09ad96f9c3a1bbb63a02b2

dotnet-host-debuginfo-6.0.21-1.el8_6.aarch64.rpm

SHA-256: 424e3b6f85f3dc3b76511fac36728554fcb1da750e95b93b6ea1d491cf3d0ab6

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm

SHA-256: ed9dc8862d6fe8cd23f02a8a59d60536474422ca214c29aa3064be9d0248dc2f

dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm

SHA-256: efdf45c2eef9911583ddd4ada53ee53c3d1e7ffe587f788ef10907a048d6e8d9

dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm

SHA-256: 9ab3f230b2a6efa1766d60ee7aaf8cf2622e84c657052df32b544e04cb168901

dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.aarch64.rpm

SHA-256: 0eaf6372d66a2be7c4b7811e531f8a09ba37a9832901464c95ed0721cc418afe

dotnet6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm

SHA-256: 398d479177e9999baa7cc30c11151f374f651a650e98c383d065f1054c0b808a

dotnet6.0-debugsource-6.0.121-1.el8_6.aarch64.rpm

SHA-256: 31d98555da6cfc19602aacb9fac322f77fd3dcd6200f0bfcca87c73d5beb425c

Related news

August 2023: GitHub PoCs, Vulristics, Qualys First-Party, Tenable ExposureAI, SC Awards and Rapid7, Anglo-Saxon list, MS Patch Tuesday, WinRAR, Juniper

Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an answer to the question of how my Vulnerability Management month went. A retrospection of some kind. Alternative video link (for Russia): https://vk.com/video-149273431_456239134 GitHub exploits and Vulristics This month I made some improvements […]

Red Hat Security Advisory 2023-4640-01

Red Hat Security Advisory 2023-4640-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4645-01

Red Hat Security Advisory 2023-4645-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4643-01

Red Hat Security Advisory 2023-4643-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4639-01

Red Hat Security Advisory 2023-4639-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4642-01

Red Hat Security Advisory 2023-4642-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4644-01

Red Hat Security Advisory 2023-4644-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4641-01

Red Hat Security Advisory 2023-4641-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.

RHSA-2023:4639: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...

Ubuntu Security Notice USN-6278-2

Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.

Ubuntu Security Notice USN-6278-2

Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It

August Patch Tuesday stops actively exploited attack chain and more

Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.

Ubuntu Security Notice USN-6278-1

Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6278-1

Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.

GHSA-p8rx-fwgq-rh2f: .NET Remote Code Execution Vulnerability

# Microsoft Security Advisory CVE-2023-35390: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists when some dotnet commands are used in directories with weaker permissions which can result in remote code execution. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/266 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0.1xx SDK 7.0.109 or earlier. * Any .NET 7.0.3xx SDK 7.0.306 or earlier. * Any .NET 6.0.1xx SDK 6.0.120 or earlier. * Any .NET 6.0.3xx SDK 6.0.315 or earlier. * A...

GHSA-vmch-3w2x-vhgq: .NET Denial of Service Vulnerability

# Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/269 ### <a name="mitigation-factors"></a>Mitigation factors If your application is running behind a reverse proxy, or Web Application Firewall, which has its own mitigations against HTTP based attacks this issue may be mitigated by the proxy or WAF ## <a name="affected-software"></a>Affected software * Any .NET 7.0 applicat...

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System

Microsoft Patch Tuesday, August 2023 Edition

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.

Six critical vulnerabilities included in August’s Microsoft security update

The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability

CVE-2023-35390

.NET and Visual Studio Remote Code Execution Vulnerability

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data