Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET that address security vulnerabilities are now available. The updated versions are .NET SDK 3.1.417 and .NET Runtime 3.1.23.
Security Fix(es):
* dotnet: ASP.NET Denial of Service via FormPipeReader (CVE-2022-24464)
* dotnet: double parser stack buffer overrun (CVE-2022-24512)
* brotli: buffer overflow when input chunk is larger than 2GiB (CVE-2020-8927)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| x86_64 |
dotnet-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm |
41cf32a1cae49cf1e1c0cdaadb886b6e1e98f8d0619285db1ffba1e273c2bb2d |
| x86_64 |
dotnet-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm |
925f88e534440ef2ae24e7df7c915a55df920315a3666af364c280ead5840caf |
| x86_64 |
dotnet-templates-3.1-3.1.417-1.el8_5.x86_64.rpm |
afb9d7861abf70cbd642794af18656f94c1a5aa28f9ecd24a2da19d885f29543 |
| x86_64 |
dotnet-sdk-3.1-3.1.417-1.el8_5.x86_64.rpm |
bd08fd2f9b9be302349b87863dacc1aab69b6d36b5f2013460457d99851f9c63 |
| x86_64 |
dotnet-apphost-pack-3.1-3.1.23-1.el8_5.x86_64.rpm |
c222169f7324f6ed791d86a5c475d0b7b282b3f53e9fa379b5da2db20ff8fb37 |
| x86_64 |
dotnet-hostfxr-3.1-3.1.23-1.el8_5.x86_64.rpm |
d72bcd09f2c69c49cab0e8d5cc8136a56cc9758937b690149e97443158a47c0a |
| x86_64 |
dotnet-sdk-3.1-source-built-artifacts-3.1.417-1.el8_5.x86_64.rpm |
da392c6a1ed41d041d64a909d5d9df96ac816e4b2b04b2fb4928d8611d6bd01a |
| x86_64 |
aspnetcore-targeting-pack-3.1-3.1.23-1.el8_5.x86_64.rpm |
e6c3078de910303cf39e4d9f3689a7da695ca544047bd7e73f465ebeb5a2d912 |
| x86_64 |
aspnetcore-runtime-3.1-3.1.23-1.el8_5.x86_64.rpm |
fa41170608d474727258cce959e8e0b5f11eb908a39461af3c85cda756c7deff |
