Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2023:4639: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution.
  • CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service.
Red Hat Security Data
#vulnerability#linux#red_hat#dos#rce#ibm#sap

Synopsis

Important: .NET 6.0 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

  • dotnet: RCE under dotnet commands (CVE-2023-35390)
  • dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack
  • BZ - 2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM

dotnet6.0-6.0.121-1.el9_0.src.rpm

SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513

x86_64

aspnetcore-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 5a81de8461876289d8f128461ecce209e8b993fbb5b397a41449a2ab4cc74def

aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: afcedf209e530ee0a808655fd07a91cb582349538c824f639a0bce74aaf8bdd9

dotnet-apphost-pack-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 9cb0d499893a2d169b7eb42d8796391b4ac5662d2c2c9e0e4ec03b6b9066c6e1

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 6e1fe1f22e8dbd5ab9a7fdec895b31c43e9c6b1e9f7ce04de8c9f55982ce45e0

dotnet-host-6.0.21-1.el9_0.x86_64.rpm

SHA-256: e6826b98a18bc10a2123ae610b10eaabed1940ecfa88b7b18607624d1b936284

dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 27a91d024e830a20b006d2ba60fc744093f6c9aca22529fc2f9708ba9836a2ee

dotnet-hostfxr-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 7c8921a0351755c0db152c0a0aecaf07e6983b048e0be8402707be2b14f1b4b1

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 51fd9cb8e0cebe12ed594b21872cc3016eda7a3d1ade308ceba912ce6aef6f1b

dotnet-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 4b1008d61db09e81df0233ef76e332f049d1afd6baa39ff1334fc9ad544c5810

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 07f400a90fbff7c53f3467c474118dd74a1d521bdd627e942f013693e2e54b4c

dotnet-sdk-6.0-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 86acf6f7114ae77b0b8fed6ce799b9eb37171eb660aad7a06da357b3ee234149

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm

SHA-256: a2aebdabc6ff2fa4609be8f9ef227d41406a0ed4b16219faa613f21a74cccf24

dotnet-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: d7eb48de6487e2b63c3e643ac84996a0d45ed467402dbb268b0aac0dab5e7199

dotnet-templates-6.0-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 1901308229156aea6cc3f602263afe8bfe12c6c23ce40935d86c97c1258ea9de

dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 37c5772f6ae31f93e341a9459caccdd89a829cf0929c48249de65299198ed50f

dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 316cab0898402efd587ad658a3c5d39b6443e90ebabf4b4ccf469a90f94aaf4f

netstandard-targeting-pack-2.1-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 88a876be70f33d36571c10dc6ecbd25335151cae3900567aa9cb95339f66aac1

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM

dotnet6.0-6.0.121-1.el9_0.src.rpm

SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513

s390x

aspnetcore-runtime-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: f87a1e570e4be7992a2882111a124c117b6eb9306194ff1ed832eaea1e2f7d34

aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: 8354cc9cddc1ac3eedf3e85bac2090ea473c1acf544f86a72c63b356c8327947

dotnet-apphost-pack-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: b83754695ee0fc54fb85ef4a298232a04022521f51d5ae54597fed6172f9bd21

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: bbea8b730a93eada7fad8ad85366c2beaca4e13f11cd810c2f60ec3916cc9e24

dotnet-host-6.0.21-1.el9_0.s390x.rpm

SHA-256: fc6e5ac9c36297fe1ec1392f751c1dc5173a91fe162df85950c925382a6ec03b

dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 3b6b967108949c0454058ec873e4afb3672ce5d1e5b1848764f42ea656d2947f

dotnet-hostfxr-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: a47dc22f0352339729c97246c86c831f8ac9443e86d9db9f7ccd93c48189423e

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 55d7d0ee33e531da830689dc595c85e465f9bd7a2daab4e5a1f4712ad246182c

dotnet-runtime-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: 1e145e24c991e3c6681e491adbf26f30993129e16706a90a15ae2dbf3ac04f20

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 5f23f2d0cb38c6c0b9f9ac6b38b8027cde10c294562a6f2fc56412ece26c9de6

dotnet-sdk-6.0-6.0.121-1.el9_0.s390x.rpm

SHA-256: 50fda8f5324451f0c8f04f445573d5e32c16ef31217e5c0252b9986a0ba6ad53

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm

SHA-256: de179a16ba86e0484e7b95f3faea505f4230fe6a3cadac38abec851b789b62eb

dotnet-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: 448dab0288dd5c0007bde4ab992edccac23f585637f27277613582c61a06bbdc

dotnet-templates-6.0-6.0.121-1.el9_0.s390x.rpm

SHA-256: ebb44b67b1c4c3728ea471bb9f391c10e3527a2ab8ce55929299ef9d712d21a4

dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm

SHA-256: a4d0a1b6adb056ff5bba8621388a041a6e77ab2853371fb2cef6590e6b4ca2bc

dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm

SHA-256: 2ff7f128d55e8c98234167f91e2fa1f26bc3b4964f6ead2f4eb858eb4db0e24b

netstandard-targeting-pack-2.1-6.0.121-1.el9_0.s390x.rpm

SHA-256: b498a427f02befbf1e2144910ebbae98b6052ca2643fed8c0c892761521bae98

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM

dotnet6.0-6.0.121-1.el9_0.src.rpm

SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513

aarch64

aspnetcore-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 74c4a921d3080b9a1e5b7dd5582548f00c4d856bd49bd15aa2374ceaa08a3510

aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: cceb2e11b07356d718c6139e27643b7bc749f93de735e4458049a2d9084cb83c

dotnet-apphost-pack-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 7a7fa2e4098a3983e1e41b985785cdce960334dbee32d076cefa7614b2cc6105

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: b702ac09ede71623ebcb004fc5ffcab82c8f2f757f0dd5488e06418b883069f5

dotnet-host-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 7c7b2b4c3947f87fef129441e528839fabc71b99390976346fe1a50f3827584d

dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: ab3a27d359124273175967f0c9da5f28dbf7beef20b91057bc9c2a6e603496f1

dotnet-hostfxr-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 58326bab9c98d6df722ee1a5eff6783d30f98db74a980fa6f11d9c6b236cde59

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 7dcad891015a28e4a39957b914893ae5f3be5f151713634f82abc39d6053b121

dotnet-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 1716044daa70f6de140b33fd5b47da782070278e073d0062e044ddd0eb946634

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 9939658a6e80c38aef179d60bb22a1146e150f433c6bcbc67a3ec345a0d87ddb

dotnet-sdk-6.0-6.0.121-1.el9_0.aarch64.rpm

SHA-256: ebd08b241d90ab23c1e160a2888697a4b63333da517300508be336a271ae78c8

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 6c8a273cf25089014207ffb74e2dc433b2f4b630a3cba01a0c020fba8ce13fdb

dotnet-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: b3a22eb49cec2c0bd3536a610cc614c673b3b0d9650f2c43b3f121d720099115

dotnet-templates-6.0-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 9a61dbb06ac06b9337aa4fc3b88804e7867a1f23a1ae8ad1a84a37dcf7580e3a

dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm

SHA-256: a65673388b0c400875c8fd118734d1aba34ea356b00910fd65853fcaafb73a40

dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 369806a4a3f148be37eae739b2c01e4ddc161c233e134d6131739b5b3386b638

netstandard-targeting-pack-2.1-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 5902b6c825bb6b8372ed5ea940b2cadc41033649e96ab0941400386e5d8c0c4b

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM

dotnet6.0-6.0.121-1.el9_0.src.rpm

SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513

x86_64

aspnetcore-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 5a81de8461876289d8f128461ecce209e8b993fbb5b397a41449a2ab4cc74def

aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: afcedf209e530ee0a808655fd07a91cb582349538c824f639a0bce74aaf8bdd9

dotnet-apphost-pack-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 9cb0d499893a2d169b7eb42d8796391b4ac5662d2c2c9e0e4ec03b6b9066c6e1

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 6e1fe1f22e8dbd5ab9a7fdec895b31c43e9c6b1e9f7ce04de8c9f55982ce45e0

dotnet-host-6.0.21-1.el9_0.x86_64.rpm

SHA-256: e6826b98a18bc10a2123ae610b10eaabed1940ecfa88b7b18607624d1b936284

dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 27a91d024e830a20b006d2ba60fc744093f6c9aca22529fc2f9708ba9836a2ee

dotnet-hostfxr-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 7c8921a0351755c0db152c0a0aecaf07e6983b048e0be8402707be2b14f1b4b1

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 51fd9cb8e0cebe12ed594b21872cc3016eda7a3d1ade308ceba912ce6aef6f1b

dotnet-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 4b1008d61db09e81df0233ef76e332f049d1afd6baa39ff1334fc9ad544c5810

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 07f400a90fbff7c53f3467c474118dd74a1d521bdd627e942f013693e2e54b4c

dotnet-sdk-6.0-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 86acf6f7114ae77b0b8fed6ce799b9eb37171eb660aad7a06da357b3ee234149

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm

SHA-256: a2aebdabc6ff2fa4609be8f9ef227d41406a0ed4b16219faa613f21a74cccf24

dotnet-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm

SHA-256: d7eb48de6487e2b63c3e643ac84996a0d45ed467402dbb268b0aac0dab5e7199

dotnet-templates-6.0-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 1901308229156aea6cc3f602263afe8bfe12c6c23ce40935d86c97c1258ea9de

dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 37c5772f6ae31f93e341a9459caccdd89a829cf0929c48249de65299198ed50f

dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 316cab0898402efd587ad658a3c5d39b6443e90ebabf4b4ccf469a90f94aaf4f

netstandard-targeting-pack-2.1-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 88a876be70f33d36571c10dc6ecbd25335151cae3900567aa9cb95339f66aac1

Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 9.0

SRPM

x86_64

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 6e1fe1f22e8dbd5ab9a7fdec895b31c43e9c6b1e9f7ce04de8c9f55982ce45e0

dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 27a91d024e830a20b006d2ba60fc744093f6c9aca22529fc2f9708ba9836a2ee

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 51fd9cb8e0cebe12ed594b21872cc3016eda7a3d1ade308ceba912ce6aef6f1b

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm

SHA-256: 07f400a90fbff7c53f3467c474118dd74a1d521bdd627e942f013693e2e54b4c

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm

SHA-256: a2aebdabc6ff2fa4609be8f9ef227d41406a0ed4b16219faa613f21a74cccf24

dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.x86_64.rpm

SHA-256: d4296c65c9ef29fd8bb3c4d7b92566b4d9c6b7be01fa58f5f4f24240dec76983

dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 37c5772f6ae31f93e341a9459caccdd89a829cf0929c48249de65299198ed50f

dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm

SHA-256: 316cab0898402efd587ad658a3c5d39b6443e90ebabf4b4ccf469a90f94aaf4f

Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 9.0

SRPM

s390x

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: bbea8b730a93eada7fad8ad85366c2beaca4e13f11cd810c2f60ec3916cc9e24

dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 3b6b967108949c0454058ec873e4afb3672ce5d1e5b1848764f42ea656d2947f

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 55d7d0ee33e531da830689dc595c85e465f9bd7a2daab4e5a1f4712ad246182c

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 5f23f2d0cb38c6c0b9f9ac6b38b8027cde10c294562a6f2fc56412ece26c9de6

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm

SHA-256: de179a16ba86e0484e7b95f3faea505f4230fe6a3cadac38abec851b789b62eb

dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.s390x.rpm

SHA-256: 28b8d94520e4f490683f11cec4722891e1952e312f3840017d651ec3505ea452

dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm

SHA-256: a4d0a1b6adb056ff5bba8621388a041a6e77ab2853371fb2cef6590e6b4ca2bc

dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm

SHA-256: 2ff7f128d55e8c98234167f91e2fa1f26bc3b4964f6ead2f4eb858eb4db0e24b

Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 9.0

SRPM

aarch64

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: b702ac09ede71623ebcb004fc5ffcab82c8f2f757f0dd5488e06418b883069f5

dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: ab3a27d359124273175967f0c9da5f28dbf7beef20b91057bc9c2a6e603496f1

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 7dcad891015a28e4a39957b914893ae5f3be5f151713634f82abc39d6053b121

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 9939658a6e80c38aef179d60bb22a1146e150f433c6bcbc67a3ec345a0d87ddb

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 6c8a273cf25089014207ffb74e2dc433b2f4b630a3cba01a0c020fba8ce13fdb

dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.aarch64.rpm

SHA-256: ce60780c67eb8f65862b999d73eb440a0e36580b90196231b49f1df3cc026025

dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm

SHA-256: a65673388b0c400875c8fd118734d1aba34ea356b00910fd65853fcaafb73a40

dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 369806a4a3f148be37eae739b2c01e4ddc161c233e134d6131739b5b3386b638

Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0

SRPM

dotnet6.0-6.0.121-1.el9_0.src.rpm

SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513

aarch64

aspnetcore-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 74c4a921d3080b9a1e5b7dd5582548f00c4d856bd49bd15aa2374ceaa08a3510

aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: cceb2e11b07356d718c6139e27643b7bc749f93de735e4458049a2d9084cb83c

dotnet-apphost-pack-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 7a7fa2e4098a3983e1e41b985785cdce960334dbee32d076cefa7614b2cc6105

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: b702ac09ede71623ebcb004fc5ffcab82c8f2f757f0dd5488e06418b883069f5

dotnet-host-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 7c7b2b4c3947f87fef129441e528839fabc71b99390976346fe1a50f3827584d

dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: ab3a27d359124273175967f0c9da5f28dbf7beef20b91057bc9c2a6e603496f1

dotnet-hostfxr-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 58326bab9c98d6df722ee1a5eff6783d30f98db74a980fa6f11d9c6b236cde59

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 7dcad891015a28e4a39957b914893ae5f3be5f151713634f82abc39d6053b121

dotnet-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 1716044daa70f6de140b33fd5b47da782070278e073d0062e044ddd0eb946634

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm

SHA-256: 9939658a6e80c38aef179d60bb22a1146e150f433c6bcbc67a3ec345a0d87ddb

dotnet-sdk-6.0-6.0.121-1.el9_0.aarch64.rpm

SHA-256: ebd08b241d90ab23c1e160a2888697a4b63333da517300508be336a271ae78c8

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 6c8a273cf25089014207ffb74e2dc433b2f4b630a3cba01a0c020fba8ce13fdb

dotnet-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm

SHA-256: b3a22eb49cec2c0bd3536a610cc614c673b3b0d9650f2c43b3f121d720099115

dotnet-templates-6.0-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 9a61dbb06ac06b9337aa4fc3b88804e7867a1f23a1ae8ad1a84a37dcf7580e3a

dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm

SHA-256: a65673388b0c400875c8fd118734d1aba34ea356b00910fd65853fcaafb73a40

dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 369806a4a3f148be37eae739b2c01e4ddc161c233e134d6131739b5b3386b638

netstandard-targeting-pack-2.1-6.0.121-1.el9_0.aarch64.rpm

SHA-256: 5902b6c825bb6b8372ed5ea940b2cadc41033649e96ab0941400386e5d8c0c4b

Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0

SRPM

dotnet6.0-6.0.121-1.el9_0.src.rpm

SHA-256: 247182955dbfecfb789c3508e2aa53858a3111eefc8ab30eddc2f88c435b5513

s390x

aspnetcore-runtime-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: f87a1e570e4be7992a2882111a124c117b6eb9306194ff1ed832eaea1e2f7d34

aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: 8354cc9cddc1ac3eedf3e85bac2090ea473c1acf544f86a72c63b356c8327947

dotnet-apphost-pack-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: b83754695ee0fc54fb85ef4a298232a04022521f51d5ae54597fed6172f9bd21

dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: bbea8b730a93eada7fad8ad85366c2beaca4e13f11cd810c2f60ec3916cc9e24

dotnet-host-6.0.21-1.el9_0.s390x.rpm

SHA-256: fc6e5ac9c36297fe1ec1392f751c1dc5173a91fe162df85950c925382a6ec03b

dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 3b6b967108949c0454058ec873e4afb3672ce5d1e5b1848764f42ea656d2947f

dotnet-hostfxr-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: a47dc22f0352339729c97246c86c831f8ac9443e86d9db9f7ccd93c48189423e

dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 55d7d0ee33e531da830689dc595c85e465f9bd7a2daab4e5a1f4712ad246182c

dotnet-runtime-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: 1e145e24c991e3c6681e491adbf26f30993129e16706a90a15ae2dbf3ac04f20

dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm

SHA-256: 5f23f2d0cb38c6c0b9f9ac6b38b8027cde10c294562a6f2fc56412ece26c9de6

dotnet-sdk-6.0-6.0.121-1.el9_0.s390x.rpm

SHA-256: 50fda8f5324451f0c8f04f445573d5e32c16ef31217e5c0252b9986a0ba6ad53

dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm

SHA-256: de179a16ba86e0484e7b95f3faea505f4230fe6a3cadac38abec851b789b62eb

dotnet-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm

SHA-256: 448dab0288dd5c0007bde4ab992edccac23f585637f27277613582c61a06bbdc

dotnet-templates-6.0-6.0.121-1.el9_0.s390x.rpm

SHA-256: ebb44b67b1c4c3728ea471bb9f391c10e3527a2ab8ce55929299ef9d712d21a4

dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm

SHA-256: a4d0a1b6adb056ff5bba8621388a041a6e77ab2853371fb2cef6590e6b4ca2bc

dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm

SHA-256: 2ff7f128d55e8c98234167f91e2fa1f26bc3b4964f6ead2f4eb858eb4db0e24b

netstandard-targeting-pack-2.1-6.0.121-1.el9_0.s390x.rpm

SHA-256: b498a427f02befbf1e2144910ebbae98b6052ca2643fed8c0c892761521bae98

Related news

August 2023: GitHub PoCs, Vulristics, Qualys First-Party, Tenable ExposureAI, SC Awards and Rapid7, Anglo-Saxon list, MS Patch Tuesday, WinRAR, Juniper

Hello everyone! This month I decided NOT to make an episode completely dedicated to Microsoft Patch Tuesday. Instead, this episode will be an answer to the question of how my Vulnerability Management month went. A retrospection of some kind. Alternative video link (for Russia): https://vk.com/video-149273431_456239134 GitHub exploits and Vulristics This month I made some improvements […]

Red Hat Security Advisory 2023-4640-01

Red Hat Security Advisory 2023-4640-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4645-01

Red Hat Security Advisory 2023-4645-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4643-01

Red Hat Security Advisory 2023-4643-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4639-01

Red Hat Security Advisory 2023-4639-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2023-4641-01

Red Hat Security Advisory 2023-4641-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.

RHSA-2023:4641: Red Hat Security Advisory: rh-dotnet60-dotnet security, bug fix, and enhancement update

An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially mali...

RHSA-2023:4641: Red Hat Security Advisory: rh-dotnet60-dotnet security, bug fix, and enhancement update

An update for rh-dotnet60-dotnet is now available for .NET Core on Red Hat Enterprise Linux. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially mali...

RHSA-2023:4640: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...

RHSA-2023:4640: Red Hat Security Advisory: .NET 6.0 security update

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-35390: A vulnerability was found in dotnet. This issue exists when some dotnet commands are used in directories with weaker permissions, which can result in remote code execution. * CVE-2023-38180: An uncontrolled resource consumption vulnerability was found in the Kestrel component of the dotNET. When detecting a potentially...

Ubuntu Security Notice USN-6278-2

Ubuntu Security Notice 6278-2 - USN-6278-1 fixed several vulnerabilities in .NET. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that .NET did properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution.

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft's .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-38180 (CVSS score: 7.5), the high-severity flaw relates to a case denial-of-service (DoS) impacting .NET and Visual Studio. It

August Patch Tuesday stops actively exploited attack chain and more

Categories: Exploits and vulnerabilities Categories: News Microsoft has announced patches for 87 vulnerabilities this month, including two that are being actively exploited. (Read more...) The post August Patch Tuesday stops actively exploited attack chain and more appeared first on Malwarebytes Labs.

Ubuntu Security Notice USN-6278-1

Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6278-1

Ubuntu Security Notice 6278-1 - It was discovered that .NET did not properly handle the execution of certain commands. An attacker could possibly use this issue to achieve remote code execution. Benoit Foucher discovered that .NET did not properly implement the QUIC stream limit in HTTP/3. An attacker could possibly use this issue to cause a denial of service. It was discovered that .NET did not properly handle the disconnection of potentially malicious clients interfacing with a Kestrel server. An attacker could possibly use this issue to cause a denial of service.

GHSA-p8rx-fwgq-rh2f: .NET Remote Code Execution Vulnerability

# Microsoft Security Advisory CVE-2023-35390: .NET Remote Code Execution Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists when some dotnet commands are used in directories with weaker permissions which can result in remote code execution. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/266 ### <a name="mitigation-factors"></a>Mitigation factors Microsoft has not identified any mitigating factors for this vulnerability. ## <a name="affected-software"></a>Affected software * Any .NET 7.0.1xx SDK 7.0.109 or earlier. * Any .NET 7.0.3xx SDK 7.0.306 or earlier. * Any .NET 6.0.1xx SDK 6.0.120 or earlier. * Any .NET 6.0.3xx SDK 6.0.315 or earlier. * A...

GHSA-vmch-3w2x-vhgq: .NET Denial of Service Vulnerability

# Microsoft Security Advisory CVE-2023-38180: .NET Denial of Service Vulnerability ## <a name="executive-summary"></a>Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1, .NET 6.0, and .NET 7.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in Kestrel where, on detecting a potentially malicious client, Kestrel will sometimes fail to disconnect it, resulting in denial of service. ## Announcement Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/269 ### <a name="mitigation-factors"></a>Mitigation factors If your application is running behind a reverse proxy, or Web Application Firewall, which has its own mitigations against HTTP based attacks this issue may be mitigated by the proxy or WAF ## <a name="affected-software"></a>Affected software * Any .NET 7.0 applicat...

Microsoft Releases Patches for 74 New Vulnerabilities in August Update

Microsoft has patched a total of 74 flaws in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical and 67 Important security vulnerabilities. Also released by the tech giant are two defense-in-depth updates for Microsoft Office (ADV230003) and the Memory Integrity System

Microsoft Patch Tuesday, August 2023 Edition

Microsoft Corp. today issued software updates to plug more than 70 security holes in its Windows operating systems and related products, including a patch that addresses multiple zero-day vulnerabilities currently being exploited in the wild.

Six critical vulnerabilities included in August’s Microsoft security update

The only vulnerability Microsoft states is being exploited in the wild is CVE-2023-38180, a denial-of-service vulnerability in .NET and Microsoft Visual Studio.

CVE-2023-38180

.NET and Visual Studio Denial of Service Vulnerability

CVE-2023-35390

.NET and Visual Studio Remote Code Execution Vulnerability