Headline
RHSA-2023:4448: Red Hat Security Advisory: .NET 6.0 security update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates.
- CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack.
- CVE-2023-33128: A vulnerability was found in dotnet. This issue may allow remote code execution via source generators that can lead to a crash due to unmanaged heap corruption.
- CVE-2023-33170: A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
Synopsis
Important: .NET 6.0 security update
Type/Severity
Security Advisory: Important
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20.
Security Fix(es):
- dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
- dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
- dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
- dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64
Fixes
- BZ - 2212617 - CVE-2023-29331 dotnet: .NET Kestrel: Denial of Service processing X509 Certificates
- BZ - 2212618 - CVE-2023-33128 dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption
- BZ - 2213703 - CVE-2023-29337 dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
- BZ - 2221854 - CVE-2023-33170 dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method
CVEs
- CVE-2023-29331
- CVE-2023-29337
- CVE-2023-33128
- CVE-2023-33170
Related news
Red Hat Security Advisory 2023-4449-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.
Red Hat Security Advisory 2023-4448-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates. * CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack. * CVE-2023-33128: A vulnerability was found in dotnet. This...
Red Hat Security Advisory 2023-4058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-33170: A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
Ubuntu Security Notice 6217-1 - McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did not properly update account lockout maximum failed attempts. An attacker could possibly use this issue to bypass the security feature and attempt to guess more passwords for an account.
# Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords.
## Discussion
Discussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334
### Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
## Affected software
* Any ASP.NET 7.0 application running on .NET 7.0.8 or earlier.
* Any ASP.NET 6.0 application running on .NET 6.0.19 or earlier.
* Any ASP.N...
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.
Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]
Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.
# Microsoft Security Advisory CVE-2023-33128: .NET Remote Code Execution Vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing.
## Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/253
### Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
## Affected software
* Any .NET 7.0.1xx SDK 7.0.106 or earlier.
* Any .NET 7.0.3xx SDK 7.0.303 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET....
# Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service. Details: [KB5025823](https://support.microsoft.com/kb/5025823)
## Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/257
### Mitigation factors
Microsoft has not identified any mitigating factors for this vulnerability.
## Affected software
* Any .NET 7.0 application running on .NET 7.0.5 or earlier.
* Any .NET 6.0 application running on .NET 6.0.16 or earlier.

If your application uses ...
### Description
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 7.0 and NuGet (nuget.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement) where a potential race condition can lead to a symlink attack on Linux. Non-Linux platforms are not affected.
### Affected software
This issue only affects Linux systems.
#### NuGet & NuGet Packages
- Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.6.0 version or earlier.
- Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.5.0 version or earlier.
- Any NuGet.e...
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-24936: No description is available for this CVE. * CVE-2023-29331: No description is available for this CVE. * CVE-2023-29337: No description is available for this CVE. * CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
* CVE-2023-24936: No description is available for this CVE.
* CVE-2023-29331: No description is available for this CVE.
* CVE-2023-29337: No description is available for this CVE.
* CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability
Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.
.NET and Visual Studio Remote Code Execution Vulnerability