Description:
.NET Core is a managed-software framework. It implements a subset of the .NET
framework APIs and several new APIs, and it includes a CLR implementation.
New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core Runtime 3.1.25.
Security Fix(es):
* dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267)
* dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117)
* dotnet: parsing HTML causes Denial of Service (CVE-2022-29145)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
| Architecture |
Package |
Checksum |
| x86_64 |
dotnet-sdk-3.1-source-built-artifacts-3.1.419-1.el8_6.x86_64.rpm |
1905af48708b27e806f91328e3156f952511d32ac4c6c311a58886ffc7f83b14 |
| x86_64 |
dotnet-hostfxr-3.1-3.1.25-1.el8_6.x86_64.rpm |
257b541481c1b1f20034c406814ce6c3a8a0b3c038a7aa17cdc2e38428e233d4 |
| x86_64 |
aspnetcore-targeting-pack-3.1-3.1.25-1.el8_6.x86_64.rpm |
29d2d57b0d08a5f2a5c5f10cf594059d528dddf06515f5fb261e6890b80ac3ae |
| x86_64 |
dotnet-sdk-3.1-3.1.419-1.el8_6.x86_64.rpm |
3ce8ba953f8794dde0a9dd2ebafff6642af886e1263625d4e9c4cb819f445898 |
| x86_64 |
aspnetcore-runtime-3.1-3.1.25-1.el8_6.x86_64.rpm |
3cfe5510def97c78f548ae95075abc30fc4f57eba9b7b265cac5056142379de3 |
| x86_64 |
dotnet-runtime-3.1-3.1.25-1.el8_6.x86_64.rpm |
4cea0372de80df3e41f52d10edeae083aebcf2d114745c9f071d8d78572b4440 |
| x86_64 |
dotnet-apphost-pack-3.1-3.1.25-1.el8_6.x86_64.rpm |
71b842c3f342063057b406e486ac45bc90ef74ea1f0fcd952d10699825843178 |
| x86_64 |
dotnet-targeting-pack-3.1-3.1.25-1.el8_6.x86_64.rpm |
8a2934228fecc0534e4924a5a7ee332e0fdbbb3e4258f9920e0c06528c309362 |
| x86_64 |
dotnet-templates-3.1-3.1.419-1.el8_6.x86_64.rpm |
c1d126e60eb22617cdd6e17262c176cf1644bfce8af1d437cbfc6c0becfd8fe4 |
