Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:0827: Red Hat Security Advisory: .NET Core 3.1 security and bugfix update

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2020-8927: brotli: buffer overflow when input chunk is larger than 2GiB
  • CVE-2022-24464: dotnet: ASP.NET Denial of Service via FormPipeReader
  • CVE-2022-24512: dotnet: double parser stack buffer overrun
Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#dos#nodejs#js#java#kubernetes

Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases

Red Hat Customer Portal

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Virtualization
  • Red Hat Identity Management
  • Red Hat Directory Server
  • Red Hat Certificate System
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Update Infrastructure
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat CloudForms
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Online
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat CodeReady Workspaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Thorntail
  • Red Hat build of Eclipse Vert.x
  • Red Hat build of OpenJDK
  • Red Hat build of Quarkus
  • Red Hat CodeReady Studio

Integration and Automation

  • Red Hat Process Automation
  • Red Hat Process Automation Manager
  • Red Hat Decision Manager

All Products

Issued:

2022-03-10

Updated:

2022-03-10

RHSA-2022:0827 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: .NET Core 3.1 security and bugfix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.

Security Fix(es):

  • dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
  • dotnet: double parser stack buffer overrun (CVE-2022-24512)
  • brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 8 x86_64

Fixes

  • BZ - 1879225 - CVE-2020-8927 brotli: buffer overflow when input chunk is larger than 2GiB
  • BZ - 2061847 - CVE-2022-24464 dotnet: ASP.NET Denial of Service via FormPipeReader
  • BZ - 2061854 - CVE-2022-24512 dotnet: double parser stack buffer overrun

Red Hat Enterprise Linux for x86_64 8

SRPM

dotnet3.1-3.1.417-1.el8_5.src.rpm

SHA-256: 598bd0445659343e5d9e8be56db955871dc08e8a415df7662b412f76a43b93a1

x86_64

aspnetcore-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm

SHA-256: ae108f57427c7fefa45c64923875bf42867f244b314a31bbef0ad67ce33689f2

aspnetcore-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm

SHA-256: 0047fb78f9b8b4cc1594c4b0dc6fb2c0e35c4eb0d1c23a68d037a27659c6814e

dotnet-apphost-pack-3.1-3.1.23-1.el8_5.x86_64.rpm

SHA-256: 78a663dd7a6963bf556f0fc196534f79fcf84a57fb274540773899a4954c6c37

dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm

SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76

dotnet-hostfxr-3.1-3.1.23-1.el8_5.x86_64.rpm

SHA-256: 17a7c13737bc1751e0458de5f3e968a565c12a2d1f2540721776a6be99745881

dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm

SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1

dotnet-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm

SHA-256: efc17358ec3e58bb37f1abc338aa0af4464c7ceb5f5b805002063813a9f3acf7

dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm

SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da

dotnet-sdk-3.1-3.1.417-1.el8_5.x86_64.rpm

SHA-256: 60508bf4b192e31760d95c30e570480420f13314d7edf02533a42bbb1e2461a6

dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm

SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893

dotnet-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm

SHA-256: d2a3f370d642d92c1cb28cc9fd100e02fdad304d043fca73b4ff0ae99f73fcf6

dotnet-templates-3.1-3.1.417-1.el8_5.x86_64.rpm

SHA-256: 50ad0cf588208b39e5e0adeb0b23ed107925656bad110f87bd43899891201b17

dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm

SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08

dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm

SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

Red Hat CodeReady Linux Builder for x86_64 8

SRPM

x86_64

dotnet-apphost-pack-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm

SHA-256: ae4e1b3d829898dde3b0ec717b96cc32ff4ccb826426226ab6ce880525d63a76

dotnet-hostfxr-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm

SHA-256: b49e07e6f27861b8dbedcf85e961c9f819ef8289583b7f4d5652fe723a329fd1

dotnet-runtime-3.1-debuginfo-3.1.23-1.el8_5.x86_64.rpm

SHA-256: 7eb96e1c128fd92e236c6a6a8c5474df3de38673163e9aa091d81fd7ecbed0da

dotnet-sdk-3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm

SHA-256: 87529e211fbdaa1cb94129e7cbece73b03fd7a6aa9ef1958463e6a2c06983893

dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el8_5.x86_64.rpm

SHA-256: 3376f63cc82663f18345d1e0463ba4d0ac0eda50de118cbcd1f5a53919873232

dotnet3.1-debuginfo-3.1.417-1.el8_5.x86_64.rpm

SHA-256: bed0660026d8cd77f69361e52787aeea5f88470cf2d23ff665b914dbf1aafe08

dotnet3.1-debugsource-3.1.417-1.el8_5.x86_64.rpm

SHA-256: 52de706640fbe6f09742c1364f4c95ced0b674c1866d542b12c04d5e02b1149e

The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data