Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:4449: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates.
  • CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack.
  • CVE-2023-33128: A vulnerability was found in dotnet. This issue may allow remote code execution via source generators that can lead to a crash due to unmanaged heap corruption.
  • CVE-2023-33170: A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
Red Hat Security Data
#vulnerability#linux#red_hat#dos#rce#ibm#sap

Synopsis

Important: .NET 6.0 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20.

Security Fix(es):

  • dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
  • dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
  • dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
  • dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2212617 - CVE-2023-29331 dotnet: .NET Kestrel: Denial of Service processing X509 Certificates
  • BZ - 2212618 - CVE-2023-33128 dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption
  • BZ - 2213703 - CVE-2023-29337 dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
  • BZ - 2221854 - CVE-2023-33170 dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method

CVEs

  • CVE-2023-29331
  • CVE-2023-29337
  • CVE-2023-33128
  • CVE-2023-33170

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

dotnet6.0-6.0.120-1.el9_0.src.rpm

SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e

x86_64

aspnetcore-runtime-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 7cb0fcdc2844f7f033026b046f8bb7582a976cf75ddf892591e04b391ed65ed3

aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: e1b5db4d7a4db42313f28e87ea0c545b389fe1c9dcd2ba15e40ba5f53dbc0b9b

dotnet-apphost-pack-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 05a911c1effc54effe4f37baf13befb34252c0469dd4cb21a5754af35f6ca3cf

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: d8ba4b524f6f538174d1dabed0a1997ffdb9ef5ff5ecd7d603f5fe171133c233

dotnet-host-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 0f8abd1135edb64d306dfa0318bf96bd1e60a13e089aba8c0092abfc3eb29eab

dotnet-host-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 91d7dbd393d65606309c79ee55101aba6996d5dc8328a6f8f67af5b6d39a7145

dotnet-hostfxr-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 71497e069621613dc7ef635bb9de45c8ef73d9361a59aef3b058c7a79c104890

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 336beb3ff039aec806b18941130834fa3bbd06c3bcc81761220eb11d54976d2c

dotnet-runtime-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 68fcd00f1f408da6044ca462bdfd5314ee7174c39ff4458afbfe196355bc16f0

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 4f3d27f1d99b84d16b0d62cc16e1f1ba8f5a6045692b86b19a22c49fae5ac4ee

dotnet-sdk-6.0-6.0.120-1.el9_0.x86_64.rpm

SHA-256: 89c97d648a5a7192aaf3fb952c83278dca08c910470e173c2bba3f9eff3ee5f6

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm

SHA-256: 03af3b0b1b43e24e1f619dcbd9576ad831749067dc36c803a9b5b108635b414b

dotnet-targeting-pack-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: d4197bc1162280b05ea76264925dda3f5a8931d80786616a4e7aa0ffbc615292

dotnet-templates-6.0-6.0.120-1.el9_0.x86_64.rpm

SHA-256: bb4a6aa8ef9ae8026ba9d957a6e30c9b35e1aad043f985a0e0dc28c3e93c44a7

dotnet6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm

SHA-256: f0d3f512708fcd7d97688b4d9b265b93949019c7a9dde206283ee67c760f20e1

dotnet6.0-debugsource-6.0.120-1.el9_0.x86_64.rpm

SHA-256: c790f59c18098c2d1c62d5edde27d1ca919b393e622cdfb05e5831fa975a3ba5

netstandard-targeting-pack-2.1-6.0.120-1.el9_0.x86_64.rpm

SHA-256: 34e08d3e6a8a749e8ea0081cb7a0a85de10ceb83b4ec557a25b4fff27af91bdd

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

dotnet6.0-6.0.120-1.el9_0.src.rpm

SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e

s390x

aspnetcore-runtime-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 8fad060e0e98fd483923f59f46e4f1421c3eb1ed5302c0375748858245e5d8b3

aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 0b4dde6d319688b30c40d37140581005bad5f4ea76a677cf72367cdae269e232

dotnet-apphost-pack-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 3e3989697eee7d6717a71e62f16ed7002ae0a14e6ff1de7c750f042ea77070e7

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: c1875f7fb8a47100736fc5a5145f6b96cb70f9cc825cec0118b690e9ffe2b846

dotnet-host-6.0.20-1.el9_0.s390x.rpm

SHA-256: 8f26644e1e84e7b42d2d92a0d535a6a75ccfc487c3283fb0a7a5f6b115546b05

dotnet-host-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: a9c742e2d0cda43f7e2fa1e4e7c8d0f24c4525c20735e69a49613941f1faa100

dotnet-hostfxr-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 3802fbd750738ff69b7e9abc225048e9c4b12510e94f803c44ea66e1e109d3e2

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: 331d586a4f8eb31d4f24154744def1b7cf42c7eb34676a317ffc6e700a33c387

dotnet-runtime-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 7ae6c325d98a9068a4ad273484ee735fe065b276b2c80002933ad2606a22a585

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: 96ae72641d36eaf8b80bbd30fd00ed01711733f63475be560c0eb03a5f2280e3

dotnet-sdk-6.0-6.0.120-1.el9_0.s390x.rpm

SHA-256: 34f2c3fa86840ebc2dcdb61d1b9c38e530a07f6846e9a39b7d80a640acf40e81

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm

SHA-256: 440bff9370b2069fe68cb01eacf314e0c75b96a3a39be8e8319f1bd74e27e607

dotnet-targeting-pack-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 61b42acdba7f334df4d5a6d5d5fab1ee1ec6b5d69b81422ec9a7bf6be86e1a3f

dotnet-templates-6.0-6.0.120-1.el9_0.s390x.rpm

SHA-256: 1b199711c677e0b74de172ed19ebcbd66d4b6e4b89a65f6f3c23bf5abf74fdb6

dotnet6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm

SHA-256: 4d8e2da422463e7369ec6c207df95980438cc7e7116965b0c8546d8f9a78eb5a

dotnet6.0-debugsource-6.0.120-1.el9_0.s390x.rpm

SHA-256: e26d20eea85b55245642a379b65ebc3f8d7c691a33169ce27b348703842a9701

netstandard-targeting-pack-2.1-6.0.120-1.el9_0.s390x.rpm

SHA-256: 1d1a544aed6e6f99247dedeba3ccfcd013b7449d3886ac06018b7a35472d90c3

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

dotnet6.0-6.0.120-1.el9_0.src.rpm

SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e

aarch64

aspnetcore-runtime-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 3e9fb05d77000a0bcabc306f15d61897a771ee29c82bdb607cdbac2c9214ad4e

aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 7ae3b7a42260469a31afaed18519bbf73eb7251c646b804d7db9acf4d8fe65b2

dotnet-apphost-pack-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 451bafed0b7ed00078c3e5fb5c09ca0f0dd0475b40e21f9f4c82951da94da86c

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 51bb2426b4104885143bb41a0eb6ce82c2e93971d29b62125d57aed940127015

dotnet-host-6.0.20-1.el9_0.aarch64.rpm

SHA-256: a78a9ce90e15673b262b17e699c86e82f6652e01c4b43474eb80fcdef9249bed

dotnet-host-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 385d8f02929b7ec34fedb03bc1ddcfbec29e655060ca18adee30126898e59a5a

dotnet-hostfxr-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 8b2003447efb842e9a47aeb96d4a737474f045f5413486326ff8b316e0d2f86c

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: ae98c1b0339624bbda5fea60d2d6607a83dd2fa3674cacac54670829ca7c2fd7

dotnet-runtime-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 69df296b56487fe09a1527b4993de7fe7d884bbdc62d5629c1126fff55f46255

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 73cd56e6efae51cd288bfe39ac68ead31a37edc4dd06475e05822842067937de

dotnet-sdk-6.0-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 689dec03399b85e53ec313471306385ace155ddee8ee23878da2227f5e019302

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm

SHA-256: c1409f242b91c23bfabd9dc8c3e7a2b6102664ebb56921d379198ba12d11cd83

dotnet-targeting-pack-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 2be3aafcefa6cbe54565a83d2bc91ae0a1a35c19a358bbf6a898f261f0c6644b

dotnet-templates-6.0-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 365f391ad96e3cfb62b9023c3f416a96e82b818677136ebf19f3329a2174e0c9

dotnet6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 5a8b87c55f4c48fcb638e137e2fc26bb854c5fb884a32843989c8df432c82de2

dotnet6.0-debugsource-6.0.120-1.el9_0.aarch64.rpm

SHA-256: e7e617b41b278648f7038b7d47dc433dffc82d47245bc6741406bb05e36017b2

netstandard-targeting-pack-2.1-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 49dd1626ae2fa83fcb599c57c63ae21572bed7405d46f3becb38f9e6d8673b2c

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

dotnet6.0-6.0.120-1.el9_0.src.rpm

SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e

x86_64

aspnetcore-runtime-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 7cb0fcdc2844f7f033026b046f8bb7582a976cf75ddf892591e04b391ed65ed3

aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: e1b5db4d7a4db42313f28e87ea0c545b389fe1c9dcd2ba15e40ba5f53dbc0b9b

dotnet-apphost-pack-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 05a911c1effc54effe4f37baf13befb34252c0469dd4cb21a5754af35f6ca3cf

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: d8ba4b524f6f538174d1dabed0a1997ffdb9ef5ff5ecd7d603f5fe171133c233

dotnet-host-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 0f8abd1135edb64d306dfa0318bf96bd1e60a13e089aba8c0092abfc3eb29eab

dotnet-host-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 91d7dbd393d65606309c79ee55101aba6996d5dc8328a6f8f67af5b6d39a7145

dotnet-hostfxr-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 71497e069621613dc7ef635bb9de45c8ef73d9361a59aef3b058c7a79c104890

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 336beb3ff039aec806b18941130834fa3bbd06c3bcc81761220eb11d54976d2c

dotnet-runtime-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 68fcd00f1f408da6044ca462bdfd5314ee7174c39ff4458afbfe196355bc16f0

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 4f3d27f1d99b84d16b0d62cc16e1f1ba8f5a6045692b86b19a22c49fae5ac4ee

dotnet-sdk-6.0-6.0.120-1.el9_0.x86_64.rpm

SHA-256: 89c97d648a5a7192aaf3fb952c83278dca08c910470e173c2bba3f9eff3ee5f6

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm

SHA-256: 03af3b0b1b43e24e1f619dcbd9576ad831749067dc36c803a9b5b108635b414b

dotnet-targeting-pack-6.0-6.0.20-1.el9_0.x86_64.rpm

SHA-256: d4197bc1162280b05ea76264925dda3f5a8931d80786616a4e7aa0ffbc615292

dotnet-templates-6.0-6.0.120-1.el9_0.x86_64.rpm

SHA-256: bb4a6aa8ef9ae8026ba9d957a6e30c9b35e1aad043f985a0e0dc28c3e93c44a7

dotnet6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm

SHA-256: f0d3f512708fcd7d97688b4d9b265b93949019c7a9dde206283ee67c760f20e1

dotnet6.0-debugsource-6.0.120-1.el9_0.x86_64.rpm

SHA-256: c790f59c18098c2d1c62d5edde27d1ca919b393e622cdfb05e5831fa975a3ba5

netstandard-targeting-pack-2.1-6.0.120-1.el9_0.x86_64.rpm

SHA-256: 34e08d3e6a8a749e8ea0081cb7a0a85de10ceb83b4ec557a25b4fff27af91bdd

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

SRPM

x86_64

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: d8ba4b524f6f538174d1dabed0a1997ffdb9ef5ff5ecd7d603f5fe171133c233

dotnet-host-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 91d7dbd393d65606309c79ee55101aba6996d5dc8328a6f8f67af5b6d39a7145

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 336beb3ff039aec806b18941130834fa3bbd06c3bcc81761220eb11d54976d2c

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.x86_64.rpm

SHA-256: 4f3d27f1d99b84d16b0d62cc16e1f1ba8f5a6045692b86b19a22c49fae5ac4ee

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm

SHA-256: 03af3b0b1b43e24e1f619dcbd9576ad831749067dc36c803a9b5b108635b414b

dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_0.x86_64.rpm

SHA-256: cbe107e22ed98aba90aa602c3bdf9d299be6dfc5d9795dc16dbfdc66ba2d6d72

dotnet6.0-debuginfo-6.0.120-1.el9_0.x86_64.rpm

SHA-256: f0d3f512708fcd7d97688b4d9b265b93949019c7a9dde206283ee67c760f20e1

dotnet6.0-debugsource-6.0.120-1.el9_0.x86_64.rpm

SHA-256: c790f59c18098c2d1c62d5edde27d1ca919b393e622cdfb05e5831fa975a3ba5

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

SRPM

s390x

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: c1875f7fb8a47100736fc5a5145f6b96cb70f9cc825cec0118b690e9ffe2b846

dotnet-host-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: a9c742e2d0cda43f7e2fa1e4e7c8d0f24c4525c20735e69a49613941f1faa100

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: 331d586a4f8eb31d4f24154744def1b7cf42c7eb34676a317ffc6e700a33c387

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: 96ae72641d36eaf8b80bbd30fd00ed01711733f63475be560c0eb03a5f2280e3

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm

SHA-256: 440bff9370b2069fe68cb01eacf314e0c75b96a3a39be8e8319f1bd74e27e607

dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_0.s390x.rpm

SHA-256: 7895e4a4f647e66b6656806eb8b671ce5b5bcf085ef081ae358ffedd50a1eab8

dotnet6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm

SHA-256: 4d8e2da422463e7369ec6c207df95980438cc7e7116965b0c8546d8f9a78eb5a

dotnet6.0-debugsource-6.0.120-1.el9_0.s390x.rpm

SHA-256: e26d20eea85b55245642a379b65ebc3f8d7c691a33169ce27b348703842a9701

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

SRPM

aarch64

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 51bb2426b4104885143bb41a0eb6ce82c2e93971d29b62125d57aed940127015

dotnet-host-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 385d8f02929b7ec34fedb03bc1ddcfbec29e655060ca18adee30126898e59a5a

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: ae98c1b0339624bbda5fea60d2d6607a83dd2fa3674cacac54670829ca7c2fd7

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 73cd56e6efae51cd288bfe39ac68ead31a37edc4dd06475e05822842067937de

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm

SHA-256: c1409f242b91c23bfabd9dc8c3e7a2b6102664ebb56921d379198ba12d11cd83

dotnet-sdk-6.0-source-built-artifacts-6.0.120-1.el9_0.aarch64.rpm

SHA-256: f80c43030ad16dcb2255f5e93f76f19f3eb367d96ae26f1ef526df767cfc2d7d

dotnet6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 5a8b87c55f4c48fcb638e137e2fc26bb854c5fb884a32843989c8df432c82de2

dotnet6.0-debugsource-6.0.120-1.el9_0.aarch64.rpm

SHA-256: e7e617b41b278648f7038b7d47dc433dffc82d47245bc6741406bb05e36017b2

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

dotnet6.0-6.0.120-1.el9_0.src.rpm

SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e

aarch64

aspnetcore-runtime-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 3e9fb05d77000a0bcabc306f15d61897a771ee29c82bdb607cdbac2c9214ad4e

aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 7ae3b7a42260469a31afaed18519bbf73eb7251c646b804d7db9acf4d8fe65b2

dotnet-apphost-pack-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 451bafed0b7ed00078c3e5fb5c09ca0f0dd0475b40e21f9f4c82951da94da86c

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 51bb2426b4104885143bb41a0eb6ce82c2e93971d29b62125d57aed940127015

dotnet-host-6.0.20-1.el9_0.aarch64.rpm

SHA-256: a78a9ce90e15673b262b17e699c86e82f6652e01c4b43474eb80fcdef9249bed

dotnet-host-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 385d8f02929b7ec34fedb03bc1ddcfbec29e655060ca18adee30126898e59a5a

dotnet-hostfxr-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 8b2003447efb842e9a47aeb96d4a737474f045f5413486326ff8b316e0d2f86c

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: ae98c1b0339624bbda5fea60d2d6607a83dd2fa3674cacac54670829ca7c2fd7

dotnet-runtime-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 69df296b56487fe09a1527b4993de7fe7d884bbdc62d5629c1126fff55f46255

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 73cd56e6efae51cd288bfe39ac68ead31a37edc4dd06475e05822842067937de

dotnet-sdk-6.0-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 689dec03399b85e53ec313471306385ace155ddee8ee23878da2227f5e019302

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm

SHA-256: c1409f242b91c23bfabd9dc8c3e7a2b6102664ebb56921d379198ba12d11cd83

dotnet-targeting-pack-6.0-6.0.20-1.el9_0.aarch64.rpm

SHA-256: 2be3aafcefa6cbe54565a83d2bc91ae0a1a35c19a358bbf6a898f261f0c6644b

dotnet-templates-6.0-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 365f391ad96e3cfb62b9023c3f416a96e82b818677136ebf19f3329a2174e0c9

dotnet6.0-debuginfo-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 5a8b87c55f4c48fcb638e137e2fc26bb854c5fb884a32843989c8df432c82de2

dotnet6.0-debugsource-6.0.120-1.el9_0.aarch64.rpm

SHA-256: e7e617b41b278648f7038b7d47dc433dffc82d47245bc6741406bb05e36017b2

netstandard-targeting-pack-2.1-6.0.120-1.el9_0.aarch64.rpm

SHA-256: 49dd1626ae2fa83fcb599c57c63ae21572bed7405d46f3becb38f9e6d8673b2c

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

dotnet6.0-6.0.120-1.el9_0.src.rpm

SHA-256: 6327f073903f657cfa78f46c06bf2b9be43ed3c0e77bf61e1971e3875758412e

s390x

aspnetcore-runtime-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 8fad060e0e98fd483923f59f46e4f1421c3eb1ed5302c0375748858245e5d8b3

aspnetcore-targeting-pack-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 0b4dde6d319688b30c40d37140581005bad5f4ea76a677cf72367cdae269e232

dotnet-apphost-pack-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 3e3989697eee7d6717a71e62f16ed7002ae0a14e6ff1de7c750f042ea77070e7

dotnet-apphost-pack-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: c1875f7fb8a47100736fc5a5145f6b96cb70f9cc825cec0118b690e9ffe2b846

dotnet-host-6.0.20-1.el9_0.s390x.rpm

SHA-256: 8f26644e1e84e7b42d2d92a0d535a6a75ccfc487c3283fb0a7a5f6b115546b05

dotnet-host-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: a9c742e2d0cda43f7e2fa1e4e7c8d0f24c4525c20735e69a49613941f1faa100

dotnet-hostfxr-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 3802fbd750738ff69b7e9abc225048e9c4b12510e94f803c44ea66e1e109d3e2

dotnet-hostfxr-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: 331d586a4f8eb31d4f24154744def1b7cf42c7eb34676a317ffc6e700a33c387

dotnet-runtime-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 7ae6c325d98a9068a4ad273484ee735fe065b276b2c80002933ad2606a22a585

dotnet-runtime-6.0-debuginfo-6.0.20-1.el9_0.s390x.rpm

SHA-256: 96ae72641d36eaf8b80bbd30fd00ed01711733f63475be560c0eb03a5f2280e3

dotnet-sdk-6.0-6.0.120-1.el9_0.s390x.rpm

SHA-256: 34f2c3fa86840ebc2dcdb61d1b9c38e530a07f6846e9a39b7d80a640acf40e81

dotnet-sdk-6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm

SHA-256: 440bff9370b2069fe68cb01eacf314e0c75b96a3a39be8e8319f1bd74e27e607

dotnet-targeting-pack-6.0-6.0.20-1.el9_0.s390x.rpm

SHA-256: 61b42acdba7f334df4d5a6d5d5fab1ee1ec6b5d69b81422ec9a7bf6be86e1a3f

dotnet-templates-6.0-6.0.120-1.el9_0.s390x.rpm

SHA-256: 1b199711c677e0b74de172ed19ebcbd66d4b6e4b89a65f6f3c23bf5abf74fdb6

dotnet6.0-debuginfo-6.0.120-1.el9_0.s390x.rpm

SHA-256: 4d8e2da422463e7369ec6c207df95980438cc7e7116965b0c8546d8f9a78eb5a

dotnet6.0-debugsource-6.0.120-1.el9_0.s390x.rpm

SHA-256: e26d20eea85b55245642a379b65ebc3f8d7c691a33169ce27b348703842a9701

netstandard-targeting-pack-2.1-6.0.120-1.el9_0.s390x.rpm

SHA-256: 1d1a544aed6e6f99247dedeba3ccfcd013b7449d3886ac06018b7a35472d90c3

Related news

Red Hat Security Advisory 2023-4449-01

Red Hat Security Advisory 2023-4449-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.

Red Hat Security Advisory 2023-4448-01

Red Hat Security Advisory 2023-4448-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.

RHSA-2023:4448: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...

RHSA-2023:4448: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...

RHSA-2023:4448: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...

RHSA-2023:4448: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...

Red Hat Security Advisory 2023-4058-01

Red Hat Security Advisory 2023-4058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

RHSA-2023:4061: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-33170: A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.

Ubuntu Security Notice USN-6217-1

Ubuntu Security Notice 6217-1 - McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did not properly update account lockout maximum failed attempts. An attacker could possibly use this issue to bypass the security feature and attempt to guess more passwords for an account.

GHSA-25c8-p796-jg6r: Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

# Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exist in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords. ## Discussion Discussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any ASP.NET 7.0 application running on .NET 7.0.8 or earlier. * Any ASP.NET 6.0 application running on .NET 6.0.19 or earlier. * Any ASP.N...

CVE-2023-33170

ASP.NET and Visual Studio Security Feature Bypass Vulnerability

CVE-2023-33170: ASP.NET and Visual Studio Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

Ubuntu Security Notice USN-6161-2

Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.

Ubuntu Security Notice USN-6161-2

Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.

Ubuntu Security Notice USN-6161-2

Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.

GHSA-x469-cv7m-77r9: .NET Remote Code Execution Vulnerability

# Microsoft Security Advisory CVE-2023-33128: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/253 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0.1xx SDK 7.0.106 or earlier. * Any .NET 7.0.3xx SDK 7.0.303 or earlier. If your application uses the following package versions, ensure you update to the latest version of .NET....

GHSA-555c-2p6r-68mm: .NET Denial of Service vulnerability

# Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service. Details: [KB5025823 ](https://support.microsoft.com/kb/5025823) ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/257 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0 application running on .NET 7.0.5 or earlier. * Any .NET 6.0 application running on .NET 6.0.16 or earlier. If your application uses ...

GHSA-6qmf-mmc7-6c2p: NuGet Client Remote Code Execution Vulnerability

### Description Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 7.0 and NuGet(nuget.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement) where a potential race condition that can lead to a symlink attack on Linux. Non-Linux platforms are not affected. ### Affected software This issue only affects Linux systems. #### NuGet & NuGet Packages - Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.6.0 version or earlier. - Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.5.0 version or earlier. - Any NuGet.e...

CVE-2023-29337

NuGet Client Remote Code Execution Vulnerability

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

RHSA-2023:3580: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

RHSA-2023:3580: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

RHSA-2023:3580: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

RHSA-2023:3582: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

RHSA-2023:3582: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

RHSA-2023:3582: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

Ubuntu Security Notice USN-6161-1

Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6161-1

Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6161-1

Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.

CVE-2023-33128

.NET and Visual Studio Remote Code Execution Vulnerability