RHSA-2021:3147: Red Hat Security Advisory: .NET 5.0 on RHEL 7 security and bugfix update

An update for rh-dotnet50-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section…NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 5.0.206 and .NET Runtime 5.0.9. Security Fix(es):

• dotnet: ASP.NET Core WebSocket frame processing DoS (CVE-2021-26423)
• dotnet: Dump file created world-readable (CVE-2021-34485)
• dotnet: ASP.NET Core JWT token logging (CVE-2021-34532) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Related CVEs:
• CVE-2021-26423: dotnet: ASP.NET Core WebSocket frame processing DoS
• CVE-2021-34485: dotnet: Dump file created world-readable
• CVE-2021-34532: dotnet: ASP.NET Core JWT token logging