A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of an utf-8 string to a local string that leads to a segmentation fault. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

Comment 1 Sandipan Roy 2022-02-07 08:00:26 UTC

Created unzip tracking bugs for this issue:

Affects: fedora-all \[bug 2051397\]

Comment 6 Salvatore Bonaccorso 2022-02-12 10:10:22 UTC

Hi,

The referenced bug is not accessible, can you share details on this CVE?

Regards,
Salvatore

Comment 7 Sandipan Roy 2022-02-14 09:54:43 UTC

Hey Nils,

Can you add your flaw and POC files to this bug as public?

Thanks.

Comment 8 Nils Bars 2022-02-14 09:59:12 UTC

Created attachment 1860944 \[details\]
Reproduction scripts and bug triggering input.

SIGSEGV during the conversion of an utf-8 string to a local string

# Description
During extraction of the attached zip archive via
\`\`\`
unzip $PWD/testcase
\`\`\`
a nullpointer dereference is triggered and causes a segmentation fault (SIGSEGV).
The bug appears to be located in the code responsible for handling the conversion
of an utf-8 string to a local string.
A possible fix would be to check in the function \`utf8\_to\_local\_string\` whether the
call to \`utf8\_to\_wide\_string\` returns NULL and to handle the situation accordingly.

This bug allows an attacker to perform a denial of service and possibly opens up
other attack vectors.

To reproduce the crash, we provide scripts alongside the crashing input:
- ./reproduce-fedora.sh: Reproduce crash via a Fedora 35 docker container
- ./reproduce-ubuntu.sh: Reproduce crash via a Ubuntu 20.04 docker container

If you need further details, we are happy to assist where possible.

# yum info unzip
Last metadata expiration check: 0:04:07 ago on Mon Jan 31 12:39:57 2022.
Installed Packages
Name         : unzip
Version      : 6.0
Release      : 53.fc35
Architecture : x86\_64
Size         : 385 k
Source       : unzip-6.0-53.fc35.src.rpm
Repository   : @System
From repo    : fedora
Summary      : A utility for unpacking zip files
URL          : http://www.info-zip.org/UnZip.html
License      : BSD
Description  : The unzip utility is used to list, test, or extract files from a zip
             : archive.  Zip archives are commonly found on MS-DOS systems.  The zip
             : utility, included in the zip package, creates zip archives.  Zip and
             : unzip are both compatible with archives created by PKWARE(R)'s PKZIP
             : for MS-DOS, but the programs' options and default behaviors do differ
             : in some respects.
             : 
             : Install the unzip package if you need to list, test or extract files from
             : a zip archive.

# valgrind fedora
\[+\] Running unzip /testcase
==1== Memcheck, a memory error detector
==1== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1== Using Valgrind-3.18.1 and LibVEX; rerun with -h for copyright info
==1== Command: unzip /testcase
==1== 
Archive:  /testcase
warning \[/testcase\]:  16 extra bytes at beginning or within zipfile
  (attempting to process anyway)
error \[/testcase\]:  reported length of central directory is
  -16 bytes too long (Atari STZip zipfile?  J.H.Holm ZIPSPLIT 1.1
  zipfile?).  Compensating...
==1== Invalid read of size 8
==1==    at 0x10CB55: UnknownInlinedFun (process.c:2503)
==1==    by 0x10CB55: UnknownInlinedFun (process.c:2600)
==1==    by 0x10CB55: do\_string.part.0.cold (fileio.c:2361)
==1==    by 0x118650: UnknownInlinedFun (fileio.c:2041)
==1==    by 0x118650: extract\_or\_test\_entrylist (extract.c:1377)
==1==    by 0x11A1F1: extract\_or\_test\_files (extract.c:742)
==1==    by 0x1253D6: do\_seekable.lto\_priv.0 (process.c:994)
==1==    by 0x10E51E: UnknownInlinedFun (process.c:401)
==1==    by 0x10E51E: UnknownInlinedFun (unzip.c:1279)
==1==    by 0x10E51E: main (unzip.c:742)
==1==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==1== 
error:  zipfile probably corrupt (segmentation violation)
==1== 
==1== HEAP SUMMARY:
==1==     in use at exit: 80,290 bytes in 8 blocks
==1==   total heap usage: 22 allocs, 14 frees, 86,257 bytes allocated
==1== 
==1== LEAK SUMMARY:
==1==    definitely lost: 0 bytes in 0 blocks
==1==    indirectly lost: 0 bytes in 0 blocks
==1==      possibly lost: 0 bytes in 0 blocks
==1==    still reachable: 80,290 bytes in 8 blocks
==1==         suppressed: 0 bytes in 0 blocks
==1== Rerun with --leak-check=full to see details of leaked memory
==1== 
==1== For lists of detected and suppressed errors, rerun with: -s
==1== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
\[+\] Dropping into shell. Malformed input is located at /testcase


# apt-show unzip
Package: unzip
Version: 6.0-25ubuntu1
Priority: optional
Section: utils
Origin: Ubuntu
Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com\>
Original-Maintainer: Santiago Vila <sanvila@debian.org\>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 593 kB
Depends: libbz2-1.0, libc6 (>= 2.14)
Suggests: zip
Homepage: http://www.info-zip.org/UnZip.html
Task: ubuntu-desktop-minimal, ubuntu-desktop, kubuntu-desktop, xubuntu-core, xubuntu-desktop, lubuntu-desktop, ubuntustudio-desktop-core, ubuntustudio-desktop, ubuntukylin-desktop, ubuntu-mate-core, ubuntu-mate-desktop, ubuntu-budgie-desktop
Download-Size: 169 kB
APT-Manual-Installed: yes
APT-Sources: http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
Description: De-archiver for .zip files

# valgrind ubuntu
==1== Memcheck, a memory error detector
==1== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
==1== Using Valgrind-3.15.0 and LibVEX; rerun with -h for copyright info
==1== Command: unzip /testcase
==1== 
Archive:  /testcase
warning \[/testcase\]:  16 extra bytes at beginning or within zipfile
  (attempting to process anyway)
error \[/testcase\]:  reported length of central directory is
  -16 bytes too long (Atari STZip zipfile?  J.H.Holm ZIPSPLIT 1.1
  zipfile?).  Compensating...
==1== Invalid read of size 8
==1==    at 0x11E5CD: wide\_to\_local\_string (process.c:2511)
==1==    by 0x11E800: utf8\_to\_local\_string (process.c:2608)
==1==    by 0x117D50: do\_string (fileio.c:2362)
==1==    by 0x111EE8: extract\_or\_test\_entrylist (extract.c:1376)
==1==    by 0x114E16: extract\_or\_test\_files (extract.c:741)
==1==    by 0x11C830: do\_seekable (process.c:994)
==1==    by 0x11D796: process\_zipfiles (process.c:401)
==1==    by 0x10EB36: unzip (unzip.c:1278)
==1==    by 0x48890B2: (below main) (libc-start.c:308)
==1==  Address 0x0 is not stack'd, malloc'd or (recently) free'd
==1== 
error:  zipfile probably corrupt (segmentation violation)
==1== 
==1== HEAP SUMMARY:
==1==     in use at exit: 80,290 bytes in 8 blocks
==1==   total heap usage: 22 allocs, 14 frees, 86,257 bytes allocated
==1== 
==1== LEAK SUMMARY:
==1==    definitely lost: 0 bytes in 0 blocks
==1==    indirectly lost: 0 bytes in 0 blocks
==1==      possibly lost: 0 bytes in 0 blocks
==1==    still reachable: 80,290 bytes in 8 blocks
==1==         suppressed: 0 bytes in 0 blocks
==1== Rerun with --leak-check=full to see details of leaked memory
==1== 
==1== For lists of detected and suppressed errors, rerun with: -s
==1== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
\[+\] Dropping into shell. Malformed input is located at /testcase

CVE-2022-0530: SIGSEGV during the conversion of an utf-8 string to a local string

A flaw was found in unzip 6.0. The vulnerability occurs during the conversion of wide string to local string that leads to a heap of out-of-bound writes. This flaw allows an attacker to input a specially crafted zip file, leading to a crash or code execution.

CVE-2022-0529: Heap out-of-bound writes and reads during conversion of wide string to local string

Windows Hyper-V Denial of Service Vulnerability.

CVE-2022-22712

Windows Common Log File System Driver Denial of Service Vulnerability.

CVE-2022-22710

Microsoft Teams Denial of Service Vulnerability.

CVE-2022-21965

Windows User Account Profile Picture Denial of Service Vulnerability.

CVE-2022-22002

CVE-2022-21986

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.4), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (All versions >= V4.5.0 < V4.5.2), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions >= V2.9.2 < V2.9.4), SIMATIC S7-1500 Software Controller (All versions), SIMATIC S7-PLCSIM Advanced (All versions), TIM 1531 IRC (incl. SIPLUS NET variants) (All versions >= V2.2). An unauthenticated attacker could cause a denial-of-service condition in a PLC when sending specially prepared packets over port 102/tcp. A restart of the affected device is needed to restore normal operations.

CVE-2021-37185

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier defines custom XStream converters that have not been updated to apply the protections for the vulnerability CVE-2021-43859 and allow unconstrained resource usage.

This advisory announces vulnerabilities in the following Jenkins deliverables:

*   Jenkins (core)

**Descriptions****DoS vulnerability in bundled XStream library**

**SECURITY-2602 / CVE-2021-43859 (upstream issue), CVE-2022-0538 (Jenkins-specific converters)**

Jenkins 2.333 and earlier, LTS 2.319.2 and earlier is affected by the XStream library’s vulnerability CVE-2021-43859. This library is used by Jenkins to serialize and deserialize various XML files, like global and job `config.xml`, `build.xml`, and numerous others.

This allows attackers able to submit crafted XML files to Jenkins to be parsed as configuration, e.g. through the `POST config.xml` API, to cause a denial of service (DoS).

Jenkins 2.334, LTS 2.319.3 updates the version of the XStream library used.

Additionally, custom collection converters defined in Jenkins have been updated to apply the same DoS detection as those defined in XStream.

Important

While the XStream dependency has been updated previously in the 2.333 weekly release, the Jenkins-specific changes in 2.334 are necessary for Jenkins to be protected.

Note

Denial of service is detected via unexpectedly long-running collection-related operations. In case of very complex configurations, it is possible that there are false positive detections. Set the Java system property `hudson.util.XStream2.collectionUpdateLimit` to a number of seconds that a given XML file can take to load collections. Use `-1` to disable this protection entirely.

**Severity**

*   SECURITY-2602: Medium

**Affected Versions**

*   Jenkins weekly up to and including 2.333
*   Jenkins LTS up to and including 2.319.2

**Fix**

*   Jenkins weekly should be updated to version 2.334
*   Jenkins LTS should be updated to version 2.319.3

These versions include fixes to the vulnerabilities described above. All prior versions are considered to be affected by these vulnerabilities unless otherwise indicated.

CVE-2022-0538: Jenkins Security Advisory 2022-02-09

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2022-219862: dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

![Red Hat Customer Portal](https://access.redhat.com/chrome_themes/nimbus/img/red-hat-customer-portal.svg)

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Virtualization
*   Red Hat Identity Management
*   Red Hat Directory Server
*   Red Hat Certificate System
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Update Infrastructure
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat CloudForms
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Online
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Thorntail
*   Red Hat build of Eclipse Vert.x
*   Red Hat build of OpenJDK
*   Red Hat build of Quarkus
*   Red Hat CodeReady Studio

**Integration and Automation**

*   Red Hat Process Automation
*   Red Hat Process Automation Manager
*   Red Hat Decision Manager

All Products

Issued:

2022-02-09

Updated:

2022-02-09

**RHSA-2022:0499 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: .NET 5.0 on RHEL 7 security and bugfix update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for .NET 5.0 is now available for Red Hat Enterprise Linux 7.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.  

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 5.0.211 and .NET Runtime 5.0.14.  

Security Fix(es):  

*   dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service (CVE-2022-219862)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   dotNET on RHEL (for RHEL Server) 1 x86\_64
*   dotNET on RHEL (for RHEL Workstation) 1 x86\_64
*   dotNET on RHEL (for RHEL Compute Node) 1 x86\_64

**Fixes**

*   BZ - 2051490 - CVE-2022-219862 dotnet: ASP.NET Core Krestel HTTP headers pooling denial of service

**dotNET on RHEL (for RHEL Server) 1**

SRPM

rh-dotnet50-dotnet-5.0.211-1.el7\_9.src.rpm

SHA-256: 5dc1b6f309e7fecaf278f334f77c6a691e77ec599866b10803e2bc6c4e71ecf4

x86\_64

rh-dotnet50-aspnetcore-runtime-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 84f6b9ccc728074cb7aedefa57a3e7b1596a4224a3c23e2c7b7dc2241d0f0a4f

rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 906323c1ad953c4b5461b8bca0843041d80f01537348729f4b3cc05d94f908bb

rh-dotnet50-dotnet-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: 5cd916c78976568f79dd89d81c09d428e854ee3d9d3aebb4317420491016df45

rh-dotnet50-dotnet-apphost-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 914074e56e142c51ceb7718a176ebd9f5e327bcd03fa2eac329609c6d5ed2c8d

rh-dotnet50-dotnet-debuginfo-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: c898257eab322cb78833c75ba3f2c6abd6a233cc42b76e91cfaf862752657404

rh-dotnet50-dotnet-host-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 90a69ddb5827b495395f47564ddb38bf673b95b59cca709dee6f69743f289b91

rh-dotnet50-dotnet-hostfxr-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 46307d8147d6d953e4f3b6420089eaccf0e9d281c2d4d2682735443a4bf9739c

rh-dotnet50-dotnet-runtime-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 5a82322fa136705729a1a9ccb85ff6d32653db69c0e15a6876f918aa79dacf69

rh-dotnet50-dotnet-sdk-5.0-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: a1063f962e227e94a743e8738cb8d3e4908646902789f48d7e426466a5e51b60

rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: f5a28a06231fd632c5f304a639594ba30750c2747d8821197c45bb68aa95eccb

rh-dotnet50-dotnet-targeting-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: a7b4faa596016651efe22c52bc0a9570b1df39565454845544b074e16e450820

rh-dotnet50-dotnet-templates-5.0-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: a79cde7ccc6bb46248da6bdb4f665b1a027840eb91e49bbf548e7624785d6e4a

rh-dotnet50-netstandard-targeting-pack-2.1-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: 6f7e1d9f888c454fddf373fecf8380d1f25c24d6dfa42c786246099aee2459da

**dotNET on RHEL (for RHEL Workstation) 1**

SRPM

rh-dotnet50-dotnet-5.0.211-1.el7\_9.src.rpm

SHA-256: 5dc1b6f309e7fecaf278f334f77c6a691e77ec599866b10803e2bc6c4e71ecf4

x86\_64

rh-dotnet50-aspnetcore-runtime-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 84f6b9ccc728074cb7aedefa57a3e7b1596a4224a3c23e2c7b7dc2241d0f0a4f

rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 906323c1ad953c4b5461b8bca0843041d80f01537348729f4b3cc05d94f908bb

rh-dotnet50-dotnet-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: 5cd916c78976568f79dd89d81c09d428e854ee3d9d3aebb4317420491016df45

rh-dotnet50-dotnet-apphost-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 914074e56e142c51ceb7718a176ebd9f5e327bcd03fa2eac329609c6d5ed2c8d

rh-dotnet50-dotnet-debuginfo-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: c898257eab322cb78833c75ba3f2c6abd6a233cc42b76e91cfaf862752657404

rh-dotnet50-dotnet-host-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 90a69ddb5827b495395f47564ddb38bf673b95b59cca709dee6f69743f289b91

rh-dotnet50-dotnet-hostfxr-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 46307d8147d6d953e4f3b6420089eaccf0e9d281c2d4d2682735443a4bf9739c

rh-dotnet50-dotnet-runtime-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 5a82322fa136705729a1a9ccb85ff6d32653db69c0e15a6876f918aa79dacf69

rh-dotnet50-dotnet-sdk-5.0-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: a1063f962e227e94a743e8738cb8d3e4908646902789f48d7e426466a5e51b60

rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: f5a28a06231fd632c5f304a639594ba30750c2747d8821197c45bb68aa95eccb

rh-dotnet50-dotnet-targeting-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: a7b4faa596016651efe22c52bc0a9570b1df39565454845544b074e16e450820

rh-dotnet50-dotnet-templates-5.0-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: a79cde7ccc6bb46248da6bdb4f665b1a027840eb91e49bbf548e7624785d6e4a

rh-dotnet50-netstandard-targeting-pack-2.1-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: 6f7e1d9f888c454fddf373fecf8380d1f25c24d6dfa42c786246099aee2459da

**dotNET on RHEL (for RHEL Compute Node) 1**

SRPM

rh-dotnet50-dotnet-5.0.211-1.el7\_9.src.rpm

SHA-256: 5dc1b6f309e7fecaf278f334f77c6a691e77ec599866b10803e2bc6c4e71ecf4

x86\_64

rh-dotnet50-aspnetcore-runtime-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 84f6b9ccc728074cb7aedefa57a3e7b1596a4224a3c23e2c7b7dc2241d0f0a4f

rh-dotnet50-aspnetcore-targeting-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 906323c1ad953c4b5461b8bca0843041d80f01537348729f4b3cc05d94f908bb

rh-dotnet50-dotnet-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: 5cd916c78976568f79dd89d81c09d428e854ee3d9d3aebb4317420491016df45

rh-dotnet50-dotnet-apphost-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 914074e56e142c51ceb7718a176ebd9f5e327bcd03fa2eac329609c6d5ed2c8d

rh-dotnet50-dotnet-debuginfo-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: c898257eab322cb78833c75ba3f2c6abd6a233cc42b76e91cfaf862752657404

rh-dotnet50-dotnet-host-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 90a69ddb5827b495395f47564ddb38bf673b95b59cca709dee6f69743f289b91

rh-dotnet50-dotnet-hostfxr-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 46307d8147d6d953e4f3b6420089eaccf0e9d281c2d4d2682735443a4bf9739c

rh-dotnet50-dotnet-runtime-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: 5a82322fa136705729a1a9ccb85ff6d32653db69c0e15a6876f918aa79dacf69

rh-dotnet50-dotnet-sdk-5.0-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: a1063f962e227e94a743e8738cb8d3e4908646902789f48d7e426466a5e51b60

rh-dotnet50-dotnet-sdk-5.0-source-built-artifacts-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: f5a28a06231fd632c5f304a639594ba30750c2747d8821197c45bb68aa95eccb

rh-dotnet50-dotnet-targeting-pack-5.0-5.0.14-1.el7\_9.x86\_64.rpm

SHA-256: a7b4faa596016651efe22c52bc0a9570b1df39565454845544b074e16e450820

rh-dotnet50-dotnet-templates-5.0-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: a79cde7ccc6bb46248da6bdb4f665b1a027840eb91e49bbf548e7624785d6e4a

rh-dotnet50-netstandard-targeting-pack-2.1-5.0.211-1.el7\_9.x86\_64.rpm

SHA-256: 6f7e1d9f888c454fddf373fecf8380d1f25c24d6dfa42c786246099aee2459da

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Tag

#dos