Headline
RHSA-2022:2195: Red Hat Security Advisory: .NET 6.0 on RHEL 7 security and bugfix update
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS
- CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage
- CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
Skip to navigation Skip to main content
Utilities
- Subscriptions
- Downloads
- Containers
- Support Cases
Infrastructure and Management
- Red Hat Enterprise Linux
- Red Hat Virtualization
- Red Hat Identity Management
- Red Hat Directory Server
- Red Hat Certificate System
- Red Hat Satellite
- Red Hat Subscription Management
- Red Hat Update Infrastructure
- Red Hat Insights
- Red Hat Ansible Automation Platform
Cloud Computing
- Red Hat OpenShift
- Red Hat CloudForms
- Red Hat OpenStack Platform
- Red Hat OpenShift Container Platform
- Red Hat OpenShift Data Science
- Red Hat OpenShift Online
- Red Hat OpenShift Dedicated
- Red Hat Advanced Cluster Security for Kubernetes
- Red Hat Advanced Cluster Management for Kubernetes
- Red Hat Quay
- Red Hat CodeReady Workspaces
- Red Hat OpenShift Service on AWS
Storage
- Red Hat Gluster Storage
- Red Hat Hyperconverged Infrastructure
- Red Hat Ceph Storage
- Red Hat OpenShift Data Foundation
Runtimes
- Red Hat Runtimes
- Red Hat JBoss Enterprise Application Platform
- Red Hat Data Grid
- Red Hat JBoss Web Server
- Red Hat Single Sign On
- Red Hat support for Spring Boot
- Red Hat build of Node.js
- Red Hat build of Thorntail
- Red Hat build of Eclipse Vert.x
- Red Hat build of OpenJDK
- Red Hat build of Quarkus
Integration and Automation
- Red Hat Process Automation
- Red Hat Process Automation Manager
- Red Hat Decision Manager
All Products
Issued:
2022-05-11
Updated:
2022-05-11
RHSA-2022:2195 - Security Advisory
- Overview
- Updated Packages
Synopsis
Important: .NET 6.0 on RHEL 7 security and bugfix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5.
Security Fix(es):
- dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
- dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
- dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- dotNET on RHEL (for RHEL Server) 1 x86_64
- dotNET on RHEL (for RHEL Workstation) 1 x86_64
- dotNET on RHEL (for RHEL Compute Node) 1 x86_64
Fixes
- BZ - 2083647 - CVE-2022-29117 dotnet: malicious content causes high CPU and memory usage
- BZ - 2083649 - CVE-2022-29145 dotnet: parsing HTML causes Denial of Service
- BZ - 2083650 - CVE-2022-23267 dotnet: excess memory allocation via HttpClient causes DoS
dotNET on RHEL (for RHEL Server) 1
SRPM
rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
SHA-256: 794431ac93aea0c847979de17ec334ecfefc4dca25b8f59b0b4d006f9c59f452
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 96c129bb7af1b037c22a84a9412b5e6e258ed7e5aabfa582c582ab9bfa6d2365
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 4daeabd401f073c1de02ff10f9d27eda4b5526f2b4a3ef8b3c9b24f7b4f5b491
rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm
SHA-256: a17949f47784ab62823e1bbef9b45f7f50b762f8600da24bc139a9df24401eac
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 6efed4ffa4be6001eb7d30685d2aa3f2186e631ec48e2a855776fda54fa2ef05
rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 439aa1120bd5a1eb4bcca80845822078ce2b5ebbba953a7dbc2ed17906502984
rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm
SHA-256: ec65a38b66073bf1bc758f1c6dbdc0e807b4735bdc600f50ee3f8cb3f2f22cb1
rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: a636901471028f3abd38d0c7f18a574306f984e51aa1fb74f193bdfb71b60948
rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 2d8da8567a8fd36068f47ef01abe6fc85f0f98e1097ae86d85b5d122b751ba07
rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 5e7132a7028c76897238c4a209e6f91d18f16caf4dcc7310254b6e01315e5b77
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 466f254070192516093c5a05c2309cff5b8a5603657ab1372b657f86d748917b
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: fa9ef86232dfb008408927bd97a6e5c6896892892bf4a46476f5839779f4c8a4
rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 98eb0027c1b912e20097f212e12cf26c3ec6879b10de71606438c699063feff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 7dafe12a0d21addcab7166a59dfad4d092157672c509937e6fd7f1f114fcfedf
dotNET on RHEL (for RHEL Workstation) 1
SRPM
rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
SHA-256: 794431ac93aea0c847979de17ec334ecfefc4dca25b8f59b0b4d006f9c59f452
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 96c129bb7af1b037c22a84a9412b5e6e258ed7e5aabfa582c582ab9bfa6d2365
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 4daeabd401f073c1de02ff10f9d27eda4b5526f2b4a3ef8b3c9b24f7b4f5b491
rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm
SHA-256: a17949f47784ab62823e1bbef9b45f7f50b762f8600da24bc139a9df24401eac
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 6efed4ffa4be6001eb7d30685d2aa3f2186e631ec48e2a855776fda54fa2ef05
rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 439aa1120bd5a1eb4bcca80845822078ce2b5ebbba953a7dbc2ed17906502984
rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm
SHA-256: ec65a38b66073bf1bc758f1c6dbdc0e807b4735bdc600f50ee3f8cb3f2f22cb1
rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: a636901471028f3abd38d0c7f18a574306f984e51aa1fb74f193bdfb71b60948
rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 2d8da8567a8fd36068f47ef01abe6fc85f0f98e1097ae86d85b5d122b751ba07
rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 5e7132a7028c76897238c4a209e6f91d18f16caf4dcc7310254b6e01315e5b77
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 466f254070192516093c5a05c2309cff5b8a5603657ab1372b657f86d748917b
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: fa9ef86232dfb008408927bd97a6e5c6896892892bf4a46476f5839779f4c8a4
rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 98eb0027c1b912e20097f212e12cf26c3ec6879b10de71606438c699063feff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 7dafe12a0d21addcab7166a59dfad4d092157672c509937e6fd7f1f114fcfedf
dotNET on RHEL (for RHEL Compute Node) 1
SRPM
rh-dotnet60-dotnet-6.0.105-1.el7_9.src.rpm
SHA-256: 794431ac93aea0c847979de17ec334ecfefc4dca25b8f59b0b4d006f9c59f452
x86_64
rh-dotnet60-aspnetcore-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 96c129bb7af1b037c22a84a9412b5e6e258ed7e5aabfa582c582ab9bfa6d2365
rh-dotnet60-aspnetcore-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 4daeabd401f073c1de02ff10f9d27eda4b5526f2b4a3ef8b3c9b24f7b4f5b491
rh-dotnet60-dotnet-6.0.105-1.el7_9.x86_64.rpm
SHA-256: a17949f47784ab62823e1bbef9b45f7f50b762f8600da24bc139a9df24401eac
rh-dotnet60-dotnet-apphost-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 6efed4ffa4be6001eb7d30685d2aa3f2186e631ec48e2a855776fda54fa2ef05
rh-dotnet60-dotnet-debuginfo-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 439aa1120bd5a1eb4bcca80845822078ce2b5ebbba953a7dbc2ed17906502984
rh-dotnet60-dotnet-host-6.0.5-1.el7_9.x86_64.rpm
SHA-256: ec65a38b66073bf1bc758f1c6dbdc0e807b4735bdc600f50ee3f8cb3f2f22cb1
rh-dotnet60-dotnet-hostfxr-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: a636901471028f3abd38d0c7f18a574306f984e51aa1fb74f193bdfb71b60948
rh-dotnet60-dotnet-runtime-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: 2d8da8567a8fd36068f47ef01abe6fc85f0f98e1097ae86d85b5d122b751ba07
rh-dotnet60-dotnet-sdk-6.0-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 5e7132a7028c76897238c4a209e6f91d18f16caf4dcc7310254b6e01315e5b77
rh-dotnet60-dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 466f254070192516093c5a05c2309cff5b8a5603657ab1372b657f86d748917b
rh-dotnet60-dotnet-targeting-pack-6.0-6.0.5-1.el7_9.x86_64.rpm
SHA-256: fa9ef86232dfb008408927bd97a6e5c6896892892bf4a46476f5839779f4c8a4
rh-dotnet60-dotnet-templates-6.0-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 98eb0027c1b912e20097f212e12cf26c3ec6879b10de71606438c699063feff0
rh-dotnet60-netstandard-targeting-pack-2.1-6.0.105-1.el7_9.x86_64.rpm
SHA-256: 7dafe12a0d21addcab7166a59dfad4d092157672c509937e6fd7f1f114fcfedf
The Red Hat security contact is [email protected]. More contact details at https://access.redhat.com/security/team/contact/.
Related news
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can can cause a denial of service when HTML forms are parsed. ### Affected software * Any .NET 6.0 application running on .NET 6.0.4 or earlier. * Any .NET 5.0 application running .NET 5.0.16 or earlier. * Any .NET Core 3.1 application running on .NET Core 3.1.24 or earlier. #### Affected packages **.NET Core 3.1** | Package name | Affected version | Patched version | |---------------------------------------------------|---------------------|---------------| | Microsoft.AspNetCore.App.Runtime.win-x64 | >=3.0.0,3.1.24 | 3.1.25 | | Microsoft.AspNetCore.App.Runtime.linux-x64 | >=3.0.0,3....
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 6.0, .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in .NET 6.0, .NET 5.0 and .NET core 3.1 where a malicious client can manipulate cookies and cause a Denial of Service. ### Affected software * Any .NET 6.0 application running on .NET 6.0.4 or earlier. * Any .NET 5.0 application running .NET 5.0.16 or earlier. * Any .NET Core 3.1 application running on .NET Core 3.1.24 or earlier. #### Affected packages **.NET Core 3.1** | Package name | Affected versions | Patched versions | |---------------------------------------------------|-------------------|------------------| | Microsoft.Owin.Security.Cookies | <=4.21 | 4.22 | | Microsoft.Owin.Security | <=4.21 ...
Red Hat Security Advisory 2022-4588-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Issues addressed include a denial of service vulnerability.
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
Red Hat Security Advisory 2022-2200-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-2200-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-2200-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-2199-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-2199-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-2199-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-2202-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core Runtime 3.1.25. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-2202-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core Runtime 3.1.25. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2022-2202-01 - .NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core Runtime 3.1.25. Issues addressed include a denial of service vulnerability.
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET Core 3.1 is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
An update for .NET 5.0 is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-23267: dotnet: excess memory allocation via HttpClient causes DoS * CVE-2022-29117: dotnet: malicious content causes high CPU and memory usage * CVE-2022-29145: dotnet: parsing HTML causes Denial of Service
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-29117, CVE-2022-29145.
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29117.
.NET and Visual Studio Denial of Service Vulnerability. This CVE ID is unique from CVE-2022-23267, CVE-2022-29145.