RHSA-2023:4448: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates.
  • CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack.
  • CVE-2023-33128: A vulnerability was found in dotnet. This issue may allow remote code execution via source generators that can lead to a crash due to unmanaged heap corruption.
  • CVE-2023-33170: A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.
Red Hat Security Data

Synopsis

Important: .NET 6.0 security update

Type/Severity

Security Advisory: Important

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20.

Security Fix(es):

  • dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
  • dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
  • dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
  • dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method (CVE-2023-33170)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 8.6 aarch64

Fixes

  • BZ - 2212617 - CVE-2023-29331 dotnet: .NET Kestrel: Denial of Service processing X509 Certificates
  • BZ - 2212618 - CVE-2023-33128 dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption
  • BZ - 2213703 - CVE-2023-29337 dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack
  • BZ - 2221854 - CVE-2023-33170 dotnet: race condition in Core SignInManager<TUser> PasswordSignInAsync method

CVEs

  • CVE-2023-29331
  • CVE-2023-29337
  • CVE-2023-33128
  • CVE-2023-33170

Related news

Red Hat Security Advisory 2023-4449-01

Red Hat Security Advisory 2023-4449-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.

Red Hat Security Advisory 2023-4448-01

Red Hat Security Advisory 2023-4448-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.120 and .NET Runtime 6.0.20. Issues addressed include code execution, denial of service, and heap corruption vulnerabilities.

RHSA-2023:4449: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-29331: A vulnerability was found in dotnet. This issue can lead to a denial of service while processing X509 Certificates.
  • CVE-2023-29337: A vulnerability was found in dotnet. This issue exists in NuGet where a potential race condition can lead to a symlink attack.
  • CVE-2023-33128: A vulnerability was found in dotnet. This...

Red Hat Security Advisory 2023-4058-01

Red Hat Security Advisory 2023-4058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

RHSA-2023:4061: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-33170: A vulnerability was found in dotNET applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords and bypass security restrictions. This flaw allows a remote attacker to bypass security features, causing an impact on confidentiality, integrity, and availability.

Ubuntu Security Notice USN-6217-1

Ubuntu Security Notice 6217-1 - McKee-Harris, Matt Cotterell, and Jack Moran discovered that .NET did not properly update account lockout maximum failed attempts. An attacker could possibly use this issue to bypass the security feature and attempt to guess more passwords for an account.

GHSA-25c8-p796-jg6r: Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

# Microsoft Security Advisory CVE-2023-33170: .NET Security Feature Bypass Vulnerability

## Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords.

## Discussion

Discussion for this issue can be found at https://github.com/dotnet/aspnetcore/issues/49334

### Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## Affected software

* Any ASP.NET 7.0 application running on .NET 7.0.8 or earlier.
* Any ASP.NET 6.0 application running on .NET 6.0.19 or earlier.
* Any ASP.N...

CVE-2023-33170

ASP.NET and Visual Studio Security Feature Bypass Vulnerability

CVE-2023-33170: ASP.NET and Visual Studio Security Feature Bypass Vulnerability

**According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?** Successful exploitation of this vulnerability requires an attacker to win a race condition and also to take additional actions prior to exploitation to prepare the target environment.

Microsoft Patch Tuesday June 2023: Edge type confusion, Git RCE, OneNote Spoofing, PGM RCE, Exchange RCE, SharePoint EoP

Hello everyone! This episode will be about Microsoft Patch Tuesday for June 2023, including vulnerabilities that were added between May and June Patch Tuesdays. As usual, I use my open source Vulristics project to analyse and prioritize vulnerabilities. I took the comments about the vulnerabilities from the Qualys, Tenable, Rapid7, ZDI Patch Tuesday reviews. This time there […]

Ubuntu Security Notice USN-6161-2

Ubuntu Security Notice 6161-2 - USN-6161-1 fixed vulnerabilities in .NET. The update introduced a regression with regards to how the runtime imported X.509 certificates. This update fixes the problem. It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges.

GHSA-x469-cv7m-77r9: .NET Remote Code Execution Vulnerability

# Microsoft Security Advisory CVE-2023-33128: .NET Remote Code Execution Vulnerability

## Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing.

## Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/253

### Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## Affected software

* Any .NET 7.0.1xx SDK 7.0.106 or earlier.
* Any .NET 7.0.3xx SDK 7.0.303 or earlier.

If your application uses the following package versions, ensure you update to the latest version of .NET....

GHSA-555c-2p6r-68mm: .NET Denial of Service vulnerability

# Microsoft Security Advisory CVE-2023-29331: .NET Denial of Service vulnerability

## Executive summary

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET when processing X.509 certificates that may result in Denial of Service.

Details: [KB5025823](https://support.microsoft.com/kb/5025823)

## Announcement

Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/257

### Mitigation factors

Microsoft has not identified any mitigating factors for this vulnerability.

## Affected software

* Any .NET 7.0 application running on .NET 7.0.5 or earlier.
* Any .NET 6.0 application running on .NET 6.0.16 or earlier.

If your application uses ...

GHSA-6qmf-mmc7-6c2p: NuGet Client Remote Code Execution Vulnerability

### Description

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET and NuGet on Linux. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET 6.0, .NET 7.0 and NuGet (nuget.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement) where a potential race condition can lead to a symlink attack on Linux. Non-Linux platforms are not affected.

### Affected software

This issue only affects Linux systems.

#### NuGet & NuGet Packages

- Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.6.0 version or earlier.
- Any NuGet.exe, NuGet.Protocol, NuGet.Common, NuGet.CommandLine, NuGet.Commands, Microsoft.Build.NuGetSdkResolver, NuGet.PackageManagement 6.5.0 version or earlier.
- Any NuGet.e...

CVE-2023-29337

NuGet Client Remote Code Execution Vulnerability

CVE-2023-29331

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability

RHSA-2023:3580: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24936: No description is available for this CVE.
  • CVE-2023-29331: No description is available for this CVE.
  • CVE-2023-29337: No description is available for this CVE.
  • CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

RHSA-2023:3582: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-24936: No description is available for this CVE.
  • CVE-2023-29331: No description is available for this CVE.
  • CVE-2023-29337: No description is available for this CVE.
  • CVE-2023-33128: .NET and Visual Studio Remote Code Execution Vulnerability

Ubuntu Security Notice USN-6161-1

Ubuntu Security Notice 6161-1 - It was discovered that .NET did not properly enforce certain restrictions when deserializing a DataSet or DataTable from XML. An attacker could possibly use this issue to elevate their privileges. Kevin Jones discovered that .NET did not properly handle the AIA fetching process for X.509 client certificates. An attacker could possibly use this issue to cause a denial of service.

CVE-2023-33128

.NET and Visual Studio Remote Code Execution Vulnerability