Description:
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 5.0.214 and .NET Core Runtime 5.0.17.
Security Fix(es):
* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| x86_64 |
dotnet-sdk-5.0-source-built-artifacts-5.0.214-1.el8_6.x86_64.rpm |
0f7f0727ce48056abc26b53dcf5fca1de23d2478c1d56b31b29f215ae413e29b |
| x86_64 |
dotnet-hostfxr-5.0-5.0.17-1.el8_6.x86_64.rpm |
127b4be85df60796078c2f1baef812f1c188e8ae0b6757864fedbc6fbf94834b |
| x86_64 |
dotnet-sdk-5.0-5.0.214-1.el8_6.x86_64.rpm |
6ea7ad0fba260ba51904c7a73ec3ceb5109522512acada27ecc510366b10eacc |
| x86_64 |
dotnet-runtime-5.0-5.0.17-1.el8_6.x86_64.rpm |
7c4742193aa2c642f5c4343b99441b16a942756e8f0847aa4771494f3c8b9a65 |
| x86_64 |
aspnetcore-targeting-pack-5.0-5.0.17-1.el8_6.x86_64.rpm |
8a99da42e1cb1f45ac2cb106577b59861805e75e6ddfa060419c3fb0953d119e |
| x86_64 |
dotnet-templates-5.0-5.0.214-1.el8_6.x86_64.rpm |
8f8c6fd72d0f08953d5aaaea01bd50cf6674dfecd705082e3fac6f1ac5505122 |
| x86_64 |
dotnet-apphost-pack-5.0-5.0.17-1.el8_6.x86_64.rpm |
98c91e227be991c71630aedd0945a532ceb9b206adcb1f888cf7433bd5dd2c08 |
| x86_64 |
aspnetcore-runtime-5.0-5.0.17-1.el8_6.x86_64.rpm |
af6b62aba0e6b72e00cdafa543c6c968277a7bae3dfefa8099ae435b5d478ec6 |
| x86_64 |
dotnet-targeting-pack-5.0-5.0.17-1.el8_6.x86_64.rpm |
b56d2357e910dfc835ee00834550ecf38fcf5137004f661919d1fa91b701b8fb |
