Headline
RHSA-2022:6038: Red Hat Security Advisory: .NET 6.0 security, bug fix, and enhancement update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-34716: dotnet: External Entity Injection during XML signature verification
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-08-10
Updated:
2022-08-10
RHSA-2022:6038 - Security Advisory
- Overview
- Updated Packages
Synopsis
Moderate: .NET 6.0 security, bug fix, and enhancement update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
The following packages have been upgraded to a later upstream version: rh-dotnet60-dotnet (6.0.108). (BZ#2112407)
Security Fix(es):
- dotnet: External Entity Injection during XML signature verification (CVE-2022-34716)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- dotNET on RHEL (for RHEL Server) 1 x86_64
- dotNET on RHEL (for RHEL Workstation) 1 x86_64
- dotNET on RHEL (for RHEL Compute Node) 1 x86_64
Fixes
- BZ - 2115183 - CVE-2022-34716 dotnet: External Entity Injection during XML signature verification
dotNET on RHEL (for RHEL Server) 1
SRPM
rh-dotnet60-dotnet-6.0.108-1.el7_9.src.rpm
SHA-256: bc09398136dd93e2bd254669a5d0cc603938a2268f87713433b694cf92af8ecb
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 92dbb12fd2a449747062e4b7143c82d9ea511be0fda887d0f10f19027ccacb34
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: cf444f9cc3eb2c9c9a351c21102d597721c6e55e0958b3e16fa10c4ef4ccdad8
rh-dotnet60-dotnet-6.0.108-1.el7_9.x86_64.rpm
SHA-256: a758646188fed4e481d0cfb8a236fb8400ab41242079893bdc536781ec49a8e0
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 9c9ac10f4b38421755b9b3dd8d001b76d8130e90e9d18434ef50fef01dce1515
rh-dotnet60-dotnet-debuginfo-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 490e8ebc109e5f5caf83fc5ccde6cfbcfe311bcdc82a0f724f1bf9593eb4dd17
rh-dotnet60-dotnet-host-6.0.8-1.el7_9.x86_64.rpm
SHA-256: a2f072582d9392380a2157210f6c9daf43cdb6fd39d4b12153a3ec7bfeee05f7
rh-dotnet60-dotnet-hostfxr-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: c6492460068104d889bcb84ad9322201fe0405f36bcd4e9fb8a6fccf04d67d1d
rh-dotnet60-dotnet-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 7fbd95a00c1d80a154388732b05fd3db7ec474ce029900558d2febd0bbc0c145
rh-dotnet60-dotnet-sdk-6.0-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 8c9f059beb1e31ba377389265b79accbf179143cbf718f069b52260018a24cef
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 9ec364f90904cee5cd78ce11f08ebf911f3c4329e47dc387db20f7c0da9c1e3e
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 670e4aad2504ea12515e0fdf3cb70354da7658171db9c564e6851b45f7b970cd
rh-dotnet60-dotnet-templates-6.0-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 4f8949ea35b50ca07d40cab1b77a275152cad80372b60d526988ea521b8d1ff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 23460cd27a96f738ada78ca5327ac5b60f8f02147f90027f5c30af70c581b467
dotNET on RHEL (for RHEL Workstation) 1
SRPM
rh-dotnet60-dotnet-6.0.108-1.el7_9.src.rpm
SHA-256: bc09398136dd93e2bd254669a5d0cc603938a2268f87713433b694cf92af8ecb
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 92dbb12fd2a449747062e4b7143c82d9ea511be0fda887d0f10f19027ccacb34
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: cf444f9cc3eb2c9c9a351c21102d597721c6e55e0958b3e16fa10c4ef4ccdad8
rh-dotnet60-dotnet-6.0.108-1.el7_9.x86_64.rpm
SHA-256: a758646188fed4e481d0cfb8a236fb8400ab41242079893bdc536781ec49a8e0
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 9c9ac10f4b38421755b9b3dd8d001b76d8130e90e9d18434ef50fef01dce1515
rh-dotnet60-dotnet-debuginfo-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 490e8ebc109e5f5caf83fc5ccde6cfbcfe311bcdc82a0f724f1bf9593eb4dd17
rh-dotnet60-dotnet-host-6.0.8-1.el7_9.x86_64.rpm
SHA-256: a2f072582d9392380a2157210f6c9daf43cdb6fd39d4b12153a3ec7bfeee05f7
rh-dotnet60-dotnet-hostfxr-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: c6492460068104d889bcb84ad9322201fe0405f36bcd4e9fb8a6fccf04d67d1d
rh-dotnet60-dotnet-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 7fbd95a00c1d80a154388732b05fd3db7ec474ce029900558d2febd0bbc0c145
rh-dotnet60-dotnet-sdk-6.0-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 8c9f059beb1e31ba377389265b79accbf179143cbf718f069b52260018a24cef
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 9ec364f90904cee5cd78ce11f08ebf911f3c4329e47dc387db20f7c0da9c1e3e
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 670e4aad2504ea12515e0fdf3cb70354da7658171db9c564e6851b45f7b970cd
rh-dotnet60-dotnet-templates-6.0-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 4f8949ea35b50ca07d40cab1b77a275152cad80372b60d526988ea521b8d1ff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 23460cd27a96f738ada78ca5327ac5b60f8f02147f90027f5c30af70c581b467
dotNET on RHEL (for RHEL Compute Node) 1
SRPM
rh-dotnet60-dotnet-6.0.108-1.el7_9.src.rpm
SHA-256: bc09398136dd93e2bd254669a5d0cc603938a2268f87713433b694cf92af8ecb
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 92dbb12fd2a449747062e4b7143c82d9ea511be0fda887d0f10f19027ccacb34
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: cf444f9cc3eb2c9c9a351c21102d597721c6e55e0958b3e16fa10c4ef4ccdad8
rh-dotnet60-dotnet-6.0.108-1.el7_9.x86_64.rpm
SHA-256: a758646188fed4e481d0cfb8a236fb8400ab41242079893bdc536781ec49a8e0
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 9c9ac10f4b38421755b9b3dd8d001b76d8130e90e9d18434ef50fef01dce1515
rh-dotnet60-dotnet-debuginfo-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 490e8ebc109e5f5caf83fc5ccde6cfbcfe311bcdc82a0f724f1bf9593eb4dd17
rh-dotnet60-dotnet-host-6.0.8-1.el7_9.x86_64.rpm
SHA-256: a2f072582d9392380a2157210f6c9daf43cdb6fd39d4b12153a3ec7bfeee05f7
rh-dotnet60-dotnet-hostfxr-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: c6492460068104d889bcb84ad9322201fe0405f36bcd4e9fb8a6fccf04d67d1d
rh-dotnet60-dotnet-runtime-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 7fbd95a00c1d80a154388732b05fd3db7ec474ce029900558d2febd0bbc0c145
rh-dotnet60-dotnet-sdk-6.0-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 8c9f059beb1e31ba377389265b79accbf179143cbf718f069b52260018a24cef
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 9ec364f90904cee5cd78ce11f08ebf911f3c4329e47dc387db20f7c0da9c1e3e
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.8-1.el7_9.x86_64.rpm
SHA-256: 670e4aad2504ea12515e0fdf3cb70354da7658171db9c564e6851b45f7b970cd
rh-dotnet60-dotnet-templates-6.0-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 4f8949ea35b50ca07d40cab1b77a275152cad80372b60d526988ea521b8d1ff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.108-1.el7_9.x86_64.rpm
SHA-256: 23460cd27a96f738ada78ca5327ac5b60f8f02147f90027f5c30af70c581b467
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Red Hat Security Advisory 2022-6057-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
Red Hat Security Advisory 2022-6058-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34716: dotnet: External Entity Injection during XML signature verification
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34716: dotnet: External Entity Injection during XML signature verification
Red Hat Security Advisory 2022-6043-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.108 and .NET Runtime 6.0.8.
Red Hat Security Advisory 2022-6038-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
Red Hat Security Advisory 2022-6037-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 3.1.422 and .NET Runtime 3.1.28.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-34716: dotnet: External Entity Injection during XML signature verification
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET Core 3.1 and .NET 6.0. An information disclosure vulnerability exists in .NET Core 3.1 and .NET 6.0 that could lead to unauthorized access of privileged information. ## Affected software * Any .NET 6.0 application running on .NET 6.0.7 or earlier. * Any .NET Core 3.1 applicaiton running on .NET Core 3.1.27 or earlier. ## Patches * If you're using .NET 6.0, you should download and install Runtime 6.0.8 or SDK 6.0.108 (for Visual Studio 2022 v17.1) from https://dotnet.microsoft.com/download/dotnet-core/6.0. * If you're using .NET Core 3.1, you should download and install Runtime 3.1.28 (for Visual Studio 2019 v16.9) from https://dotnet.microsoft.com/download/dotnet-core/3.1.