[ALSA-2022:2199] Important: .NET 6.0 security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2022-05-11
Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 6.0.105 and .NET Core Runtime 6.0.5. Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el8_6.aarch64.rpm 0017e5739878e39cd0cdbd9896fb397913c65f783ca869da69a0cb91f0db0b9d
aarch64 dotnet-hostfxr-6.0-6.0.5-1.el8_6.aarch64.rpm 0111b386f460f1d76a7be594e54ce6eb354668c8fdfd6d292c618ddf8c1625cf
aarch64 aspnetcore-targeting-pack-6.0-6.0.5-1.el8_6.aarch64.rpm 215f63fd3f59adf21d782282a2479c2eb39eb04a93f6749b26eb944bf2d17589
aarch64 dotnet-runtime-6.0-6.0.5-1.el8_6.aarch64.rpm 3b60dc55105d45c2e27f4321f56e545ee38d29e4680dd2bfe31c085463a6d07e
aarch64 netstandard-targeting-pack-2.1-6.0.105-1.el8_6.aarch64.rpm 5af9b540bacfbb0b02c6dc48036acceb24e8168b42128850c1e461eab8050dc2
aarch64 dotnet-targeting-pack-6.0-6.0.5-1.el8_6.aarch64.rpm 624a1db802ff500eb4dc388293859f8ab30e554df659d132d00bdc9230f6d51e
aarch64 dotnet-6.0.105-1.el8_6.aarch64.rpm 667ed3f1d681e0816961e115dcb74e1c5d9afb6a138c603084ca05e797ac1ca8
aarch64 dotnet-apphost-pack-6.0-6.0.5-1.el8_6.aarch64.rpm 9ea9ab88ba830fbbf4bcee6bff81bdd8593661ba628f2fbe0b4a7bde40d2078e
aarch64 dotnet-sdk-6.0-6.0.105-1.el8_6.aarch64.rpm b2d8b987c9bc130cbc8a84c31474e7d0570cf92cee48eeb0f9f654d50c6354f5
aarch64 dotnet-host-6.0.5-1.el8_6.aarch64.rpm c2133e943150c5b1cf27b891ec70b2a78197521610db9961c35f80070ce5c490
aarch64 aspnetcore-runtime-6.0-6.0.5-1.el8_6.aarch64.rpm c637185bf7e2f55923e837dd16becab8dcf98943f78c1baf6435a3dccb383dfc
aarch64 dotnet-templates-6.0-6.0.105-1.el8_6.aarch64.rpm e9ed4548d60cd1c9b9d4e06ba75345d0397022e5caae6266fef0db1c730c03a2
x86_64 netstandard-targeting-pack-2.1-6.0.105-1.el8_6.x86_64.rpm 2f7ab37de24828e1fb664930d37f3566c389819d552c0d3a4f60024de3850ff4
x86_64 dotnet-hostfxr-6.0-6.0.5-1.el8_6.x86_64.rpm 4479daf3b06c38956e866e79cea8f6bb93490cc0e6c1b0cb884f172187e2d784
x86_64 dotnet-sdk-6.0-6.0.105-1.el8_6.x86_64.rpm 4890e3b6c01abd4efc2e096b7f2ac8dd5cdc5db30d2e04b8a5661d88ddf65973
x86_64 dotnet-templates-6.0-6.0.105-1.el8_6.x86_64.rpm 490668e872804cae36a5082285a7a9ee84a90830792c186e74b299d2312f74c9
x86_64 dotnet-6.0.105-1.el8_6.x86_64.rpm 52b6136f9eed4a3234202c19e9a493d29e0aebc508747ee725f132b479f57c8e
x86_64 aspnetcore-runtime-6.0-6.0.5-1.el8_6.x86_64.rpm 6839ca84d697f6958d6bf0196a03b6c96aabf7f5d0f855fc153428c317ff6284
x86_64 dotnet-runtime-6.0-6.0.5-1.el8_6.x86_64.rpm 89621efb68e6349fde98f7fe2792510c3811a842e3fa3a39578b7f9ff23c9e9f
x86_64 dotnet-targeting-pack-6.0-6.0.5-1.el8_6.x86_64.rpm 929b368c4941c0dcd7ea44578c16e700f0a07329d3367f085fe12f207061fdd6
x86_64 dotnet-sdk-6.0-source-built-artifacts-6.0.105-1.el8_6.x86_64.rpm 9d0285386e1178d521466b5b796ae2a2d914ba14e201aefc596b387755ca7855
x86_64 dotnet-apphost-pack-6.0-6.0.5-1.el8_6.x86_64.rpm ca031bfbfc1f92f9f24b79c13d4d1a1080ac12968a460ac1a084f0455a5fbc5a
x86_64 aspnetcore-targeting-pack-6.0-6.0.5-1.el8_6.x86_64.rpm d1b10b53649daa82a006ee0665b6f2b76576a28dcb137d38ccf22b44dd1315e1
x86_64 dotnet-host-6.0.5-1.el8_6.x86_64.rpm f737ccd9cfec6d9db0e7f307f972b8fa24c1e1c984b82631115d2d4d473ddb56
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.