Headline
RHSA-2023:4639: Red Hat Security Advisory: .NET 6.0 security update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution.
- CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service.
Synopsis
Important: .NET 6.0 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Security Fix(es):
- dotnet: RCE under dotnet commands (CVE-2023-35390)
- dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack
- BZ - 2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
dotnet6.0-6.0.121-1.el9_0.src.rpm
SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513
x86_64
aspnetcore-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 5a81de8461876289d8f128461ecce209e8b993fbb5b397a41449a2ab4cc74def
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: afcedf209e530ee0a808655fd07a91cb582349538c824f639a0bce74aaf8bdd9
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 9cb0d499893a2d169b7eb42d8796391b4ac5662d2c2c9e0e4ec03b6b9066c6e1
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 6e1fe1f22e8dbd5ab9a7fdec895b31c43e9c6b1e9f7ce04de8c9f55982ce45e0
dotnet-host-6.0.21-1.el9_0.x86_64.rpm
SHA-256: e6826b98a18bc10a2123ae610b10eaabed1940ecfa88b7b18607624d1b936284
dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 27a91d024e830a20b006d2ba60fc744093f6c9aca22529fc2f9708ba9836a2ee
dotnet-hostfxr-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 7c8921a0351755c0db152c0a0aecaf07e6983b048e0be8402707be2b14f1b4b1
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 51fd9cb8e0cebe12ed594b21872cc3016eda7a3d1ade308ceba912ce6aef6f1b
dotnet-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 4b1008d61db09e81df0233ef76e332f049d1afd6baa39ff1334fc9ad544c5810
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 07f400a90fbff7c53f3467c474118dd74a1d521bdd627e942f013693e2e54b4c
dotnet-sdk-6.0-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 86acf6f7114ae77b0b8fed6ce799b9eb37171eb660aad7a06da357b3ee234149
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm
SHA-256: a2aebdabc6ff2fa4609be8f9ef227d41406a0ed4b16219faa613f21a74cccf24
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: d7eb48de6487e2b63c3e643ac84996a0d45ed467402dbb268b0aac0dab5e7199
dotnet-templates-6.0-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 1901308229156aea6cc3f602263afe8bfe12c6c23ce40935d86c97c1258ea9de
dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 37c5772f6ae31f93e341a9459caccdd89a829cf0929c48249de65299198ed50f
dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 316cab0898402efd587ad658a3c5d39b6443e90ebabf4b4ccf469a90f94aaf4f
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 88a876be70f33d36571c10dc6ecbd25335151cae3900567aa9cb95339f66aac1
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
dotnet6.0-6.0.121-1.el9_0.src.rpm
SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513
s390x
aspnetcore-runtime-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: f87a1e570e4be7992a2882111a124c117b6eb9306194ff1ed832eaea1e2f7d34
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: 8354cc9cddc1ac3eedf3e85bac2090ea473c1acf544f86a72c63b356c8327947
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: b83754695ee0fc54fb85ef4a298232a04022521f51d5ae54597fed6172f9bd21
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: bbea8b730a93eada7fad8ad85366c2beaca4e13f11cd810c2f60ec3916cc9e24
dotnet-host-6.0.21-1.el9_0.s390x.rpm
SHA-256: fc6e5ac9c36297fe1ec1392f751c1dc5173a91fe162df85950c925382a6ec03b
dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 3b6b967108949c0454058ec873e4afb3672ce5d1e5b1848764f42ea656d2947f
dotnet-hostfxr-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: a47dc22f0352339729c97246c86c831f8ac9443e86d9db9f7ccd93c48189423e
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 55d7d0ee33e531da830689dc595c85e465f9bd7a2daab4e5a1f4712ad246182c
dotnet-runtime-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: 1e145e24c991e3c6681e491adbf26f30993129e16706a90a15ae2dbf3ac04f20
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 5f23f2d0cb38c6c0b9f9ac6b38b8027cde10c294562a6f2fc56412ece26c9de6
dotnet-sdk-6.0-6.0.121-1.el9_0.s390x.rpm
SHA-256: 50fda8f5324451f0c8f04f445573d5e32c16ef31217e5c0252b9986a0ba6ad53
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm
SHA-256: de179a16ba86e0484e7b95f3faea505f4230fe6a3cadac38abec851b789b62eb
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: 448dab0288dd5c0007bde4ab992edccac23f585637f27277613582c61a06bbdc
dotnet-templates-6.0-6.0.121-1.el9_0.s390x.rpm
SHA-256: ebb44b67b1c4c3728ea471bb9f391c10e3527a2ab8ce55929299ef9d712d21a4
dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm
SHA-256: a4d0a1b6adb056ff5bba8621388a041a6e77ab2853371fb2cef6590e6b4ca2bc
dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm
SHA-256: 2ff7f128d55e8c98234167f91e2fa1f26bc3b4964f6ead2f4eb858eb4db0e24b
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.s390x.rpm
SHA-256: b498a427f02befbf1e2144910ebbae98b6052ca2643fed8c0c892761521bae98
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
dotnet6.0-6.0.121-1.el9_0.src.rpm
SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513
aarch64
aspnetcore-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 74c4a921d3080b9a1e5b7dd5582548f00c4d856bd49bd15aa2374ceaa08a3510
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: cceb2e11b07356d718c6139e27643b7bc749f93de735e4458049a2d9084cb83c
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 7a7fa2e4098a3983e1e41b985785cdce960334dbee32d076cefa7614b2cc6105
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: b702ac09ede71623ebcb004fc5ffcab82c8f2f757f0dd5488e06418b883069f5
dotnet-host-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 7c7b2b4c3947f87fef129441e528839fabc71b99390976346fe1a50f3827584d
dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: ab3a27d359124273175967f0c9da5f28dbf7beef20b91057bc9c2a6e603496f1
dotnet-hostfxr-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 58326bab9c98d6df722ee1a5eff6783d30f98db74a980fa6f11d9c6b236cde59
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 7dcad891015a28e4a39957b914893ae5f3be5f151713634f82abc39d6053b121
dotnet-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 1716044daa70f6de140b33fd5b47da782070278e073d0062e044ddd0eb946634
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 9939658a6e80c38aef179d60bb22a1146e150f433c6bcbc67a3ec345a0d87ddb
dotnet-sdk-6.0-6.0.121-1.el9_0.aarch64.rpm
SHA-256: ebd08b241d90ab23c1e160a2888697a4b63333da517300508be336a271ae78c8
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 6c8a273cf25089014207ffb74e2dc433b2f4b630a3cba01a0c020fba8ce13fdb
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: b3a22eb49cec2c0bd3536a610cc614c673b3b0d9650f2c43b3f121d720099115
dotnet-templates-6.0-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 9a61dbb06ac06b9337aa4fc3b88804e7867a1f23a1ae8ad1a84a37dcf7580e3a
dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm
SHA-256: a65673388b0c400875c8fd118734d1aba34ea356b00910fd65853fcaafb73a40
dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 369806a4a3f148be37eae739b2c01e4ddc161c233e134d6131739b5b3386b638
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 5902b6c825bb6b8372ed5ea940b2cadc41033649e96ab0941400386e5d8c0c4b
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
dotnet6.0-6.0.121-1.el9_0.src.rpm
SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513
x86_64
aspnetcore-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 5a81de8461876289d8f128461ecce209e8b993fbb5b397a41449a2ab4cc74def
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: afcedf209e530ee0a808655fd07a91cb582349538c824f639a0bce74aaf8bdd9
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 9cb0d499893a2d169b7eb42d8796391b4ac5662d2c2c9e0e4ec03b6b9066c6e1
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 6e1fe1f22e8dbd5ab9a7fdec895b31c43e9c6b1e9f7ce04de8c9f55982ce45e0
dotnet-host-6.0.21-1.el9_0.x86_64.rpm
SHA-256: e6826b98a18bc10a2123ae610b10eaabed1940ecfa88b7b18607624d1b936284
dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 27a91d024e830a20b006d2ba60fc744093f6c9aca22529fc2f9708ba9836a2ee
dotnet-hostfxr-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 7c8921a0351755c0db152c0a0aecaf07e6983b048e0be8402707be2b14f1b4b1
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 51fd9cb8e0cebe12ed594b21872cc3016eda7a3d1ade308ceba912ce6aef6f1b
dotnet-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 4b1008d61db09e81df0233ef76e332f049d1afd6baa39ff1334fc9ad544c5810
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 07f400a90fbff7c53f3467c474118dd74a1d521bdd627e942f013693e2e54b4c
dotnet-sdk-6.0-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 86acf6f7114ae77b0b8fed6ce799b9eb37171eb660aad7a06da357b3ee234149
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm
SHA-256: a2aebdabc6ff2fa4609be8f9ef227d41406a0ed4b16219faa613f21a74cccf24
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm
SHA-256: d7eb48de6487e2b63c3e643ac84996a0d45ed467402dbb268b0aac0dab5e7199
dotnet-templates-6.0-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 1901308229156aea6cc3f602263afe8bfe12c6c23ce40935d86c97c1258ea9de
dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 37c5772f6ae31f93e341a9459caccdd89a829cf0929c48249de65299198ed50f
dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 316cab0898402efd587ad658a3c5d39b6443e90ebabf4b4ccf469a90f94aaf4f
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 88a876be70f33d36571c10dc6ecbd25335151cae3900567aa9cb95339f66aac1
Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0
SRPM
x86_64
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 6e1fe1f22e8dbd5ab9a7fdec895b31c43e9c6b1e9f7ce04de8c9f55982ce45e0
dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 27a91d024e830a20b006d2ba60fc744093f6c9aca22529fc2f9708ba9836a2ee
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 51fd9cb8e0cebe12ed594b21872cc3016eda7a3d1ade308ceba912ce6aef6f1b
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm
SHA-256: 07f400a90fbff7c53f3467c474118dd74a1d521bdd627e942f013693e2e54b4c
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm
SHA-256: a2aebdabc6ff2fa4609be8f9ef227d41406a0ed4b16219faa613f21a74cccf24
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.x86_64.rpm
SHA-256: d4296c65c9ef29fd8bb3c4d7b92566b4d9c6b7be01fa58f5f4f24240dec76983
dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 37c5772f6ae31f93e341a9459caccdd89a829cf0929c48249de65299198ed50f
dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm
SHA-256: 316cab0898402efd587ad658a3c5d39b6443e90ebabf4b4ccf469a90f94aaf4f
Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0
SRPM
s390x
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: bbea8b730a93eada7fad8ad85366c2beaca4e13f11cd810c2f60ec3916cc9e24
dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 3b6b967108949c0454058ec873e4afb3672ce5d1e5b1848764f42ea656d2947f
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 55d7d0ee33e531da830689dc595c85e465f9bd7a2daab4e5a1f4712ad246182c
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 5f23f2d0cb38c6c0b9f9ac6b38b8027cde10c294562a6f2fc56412ece26c9de6
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm
SHA-256: de179a16ba86e0484e7b95f3faea505f4230fe6a3cadac38abec851b789b62eb
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.s390x.rpm
SHA-256: 28b8d94520e4f490683f11cec4722891e1952e312f3840017d651ec3505ea452
dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm
SHA-256: a4d0a1b6adb056ff5bba8621388a041a6e77ab2853371fb2cef6590e6b4ca2bc
dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm
SHA-256: 2ff7f128d55e8c98234167f91e2fa1f26bc3b4964f6ead2f4eb858eb4db0e24b
Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0
SRPM
aarch64
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: b702ac09ede71623ebcb004fc5ffcab82c8f2f757f0dd5488e06418b883069f5
dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: ab3a27d359124273175967f0c9da5f28dbf7beef20b91057bc9c2a6e603496f1
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 7dcad891015a28e4a39957b914893ae5f3be5f151713634f82abc39d6053b121
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 9939658a6e80c38aef179d60bb22a1146e150f433c6bcbc67a3ec345a0d87ddb
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 6c8a273cf25089014207ffb74e2dc433b2f4b630a3cba01a0c020fba8ce13fdb
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.aarch64.rpm
SHA-256: ce60780c67eb8f65862b999d73eb440a0e36580b90196231b49f1df3cc026025
dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm
SHA-256: a65673388b0c400875c8fd118734d1aba34ea356b00910fd65853fcaafb73a40
dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 369806a4a3f148be37eae739b2c01e4ddc161c233e134d6131739b5b3386b638
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
dotnet6.0-6.0.121-1.el9_0.src.rpm
SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513
aarch64
aspnetcore-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 74c4a921d3080b9a1e5b7dd5582548f00c4d856bd49bd15aa2374ceaa08a3510
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: cceb2e11b07356d718c6139e27643b7bc749f93de735e4458049a2d9084cb83c
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 7a7fa2e4098a3983e1e41b985785cdce960334dbee32d076cefa7614b2cc6105
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: b702ac09ede71623ebcb004fc5ffcab82c8f2f757f0dd5488e06418b883069f5
dotnet-host-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 7c7b2b4c3947f87fef129441e528839fabc71b99390976346fe1a50f3827584d
dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: ab3a27d359124273175967f0c9da5f28dbf7beef20b91057bc9c2a6e603496f1
dotnet-hostfxr-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 58326bab9c98d6df722ee1a5eff6783d30f98db74a980fa6f11d9c6b236cde59
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 7dcad891015a28e4a39957b914893ae5f3be5f151713634f82abc39d6053b121
dotnet-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 1716044daa70f6de140b33fd5b47da782070278e073d0062e044ddd0eb946634
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm
SHA-256: 9939658a6e80c38aef179d60bb22a1146e150f433c6bcbc67a3ec345a0d87ddb
dotnet-sdk-6.0-6.0.121-1.el9_0.aarch64.rpm
SHA-256: ebd08b241d90ab23c1e160a2888697a4b63333da517300508be336a271ae78c8
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 6c8a273cf25089014207ffb74e2dc433b2f4b630a3cba01a0c020fba8ce13fdb
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm
SHA-256: b3a22eb49cec2c0bd3536a610cc614c673b3b0d9650f2c43b3f121d720099115
dotnet-templates-6.0-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 9a61dbb06ac06b9337aa4fc3b88804e7867a1f23a1ae8ad1a84a37dcf7580e3a
dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm
SHA-256: a65673388b0c400875c8fd118734d1aba34ea356b00910fd65853fcaafb73a40
dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 369806a4a3f148be37eae739b2c01e4ddc161c233e134d6131739b5b3386b638
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.aarch64.rpm
SHA-256: 5902b6c825bb6b8372ed5ea940b2cadc41033649e96ab0941400386e5d8c0c4b
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
dotnet6.0-6.0.121-1.el9_0.src.rpm
SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513
s390x
aspnetcore-runtime-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: f87a1e570e4be7992a2882111a124c117b6eb9306194ff1ed832eaea1e2f7d34
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: 8354cc9cddc1ac3eedf3e85bac2090ea473c1acf544f86a72c63b356c8327947
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: b83754695ee0fc54fb85ef4a298232a04022521f51d5ae54597fed6172f9bd21
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: bbea8b730a93eada7fad8ad85366c2beaca4e13f11cd810c2f60ec3916cc9e24
dotnet-host-6.0.21-1.el9_0.s390x.rpm
SHA-256: fc6e5ac9c36297fe1ec1392f751c1dc5173a91fe162df85950c925382a6ec03b
dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 3b6b967108949c0454058ec873e4afb3672ce5d1e5b1848764f42ea656d2947f
dotnet-hostfxr-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: a47dc22f0352339729c97246c86c831f8ac9443e86d9db9f7ccd93c48189423e
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 55d7d0ee33e531da830689dc595c85e465f9bd7a2daab4e5a1f4712ad246182c
dotnet-runtime-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: 1e145e24c991e3c6681e491adbf26f30993129e16706a90a15ae2dbf3ac04f20
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm
SHA-256: 5f23f2d0cb38c6c0b9f9ac6b38b8027cde10c294562a6f2fc56412ece26c9de6
dotnet-sdk-6.0-6.0.121-1.el9_0.s390x.rpm
SHA-256: 50fda8f5324451f0c8f04f445573d5e32c16ef31217e5c0252b9986a0ba6ad53
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm
SHA-256: de179a16ba86e0484e7b95f3faea505f4230fe6a3cadac38abec851b789b62eb
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm
SHA-256: 448dab0288dd5c0007bde4ab992edccac23f585637f27277613582c61a06bbdc
dotnet-templates-6.0-6.0.121-1.el9_0.s390x.rpm
SHA-256: ebb44b67b1c4c3728ea471bb9f391c10e3527a2ab8ce55929299ef9d712d21a4
dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm
SHA-256: a4d0a1b6adb056ff5bba8621388a041a6e77ab2853371fb2cef6590e6b4ca2bc
dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm
SHA-256: 2ff7f128d55e8c98234167f91e2fa1f26bc3b4964f6ead2f4eb858eb4db0e24b
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.s390x.rpm
SHA-256: b498a427f02befbf1e2144910ebbae98b6052ca2643fed8c0c892761521bae98
Related news
Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an answer to the question of how my Vulnerability Management month went. A retrospection of some kind. Alternative video link (for Russia): https://vk.com/video-149273431_456239134 GitHub exploits and Vulristics This month I made some improvements […]
Red Hat Security Advisory 2023-4640-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4645-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4643-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4639-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4641-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.
An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially mali...
An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially mali...
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...
Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It
Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.
Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.
# Microsoft Security Advisory CVE-2023-35390: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists when some dotnet commands are used in directories with weaker permissions which can result in remote code execution. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/266 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0.1xx SDK 7.0.109 or earlier. * Any .NET 7.0.3xx SDK 7.0.306 or earlier. * Any .NET 6.0.1xx SDK 6.0.120 or earlier. * Any .NET 6.0.3xx SDK 6.0.315 or earlier. * A...
# Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/269 ### <a name="mitigation-factors"></a>Mitigation factors If your application is running behind a reverse proxy, or Web Application Firewall, which has its own mitigations against HTTP based attacks this issue may be mitigated by the proxy or WAF ## <a name="affected-software"></a>Affected software * Any .NET 7.0 applicat...
Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System
Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.
The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability