[ALSA-2022:2202] Important: .NET Core 3.1 security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2022-05-11
Description:
.NET Core is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET Core that address a security vulnerability are now available. The updated versions are .NET Core SDK 3.1.419 and .NET Core Runtime 3.1.25. Security Fix(es): * dotnet: excess memory allocation via HttpClient causes DoS (CVE-2022-23267) * dotnet: malicious content causes high CPU and memory usage (CVE-2022-29117) * dotnet: parsing HTML causes Denial of Service (CVE-2022-29145) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
x86_64 dotnet-sdk-3.1-source-built-artifacts-3.1.419-1.el8_6.x86_64.rpm 1905af48708b27e806f91328e3156f952511d32ac4c6c311a58886ffc7f83b14
x86_64 dotnet-hostfxr-3.1-3.1.25-1.el8_6.x86_64.rpm 257b541481c1b1f20034c406814ce6c3a8a0b3c038a7aa17cdc2e38428e233d4
x86_64 aspnetcore-targeting-pack-3.1-3.1.25-1.el8_6.x86_64.rpm 29d2d57b0d08a5f2a5c5f10cf594059d528dddf06515f5fb261e6890b80ac3ae
x86_64 dotnet-sdk-3.1-3.1.419-1.el8_6.x86_64.rpm 3ce8ba953f8794dde0a9dd2ebafff6642af886e1263625d4e9c4cb819f445898
x86_64 aspnetcore-runtime-3.1-3.1.25-1.el8_6.x86_64.rpm 3cfe5510def97c78f548ae95075abc30fc4f57eba9b7b265cac5056142379de3
x86_64 dotnet-runtime-3.1-3.1.25-1.el8_6.x86_64.rpm 4cea0372de80df3e41f52d10edeae083aebcf2d114745c9f071d8d78572b4440
x86_64 dotnet-apphost-pack-3.1-3.1.25-1.el8_6.x86_64.rpm 71b842c3f342063057b406e486ac45bc90ef74ea1f0fcd952d10699825843178
x86_64 dotnet-targeting-pack-3.1-3.1.25-1.el8_6.x86_64.rpm 8a2934228fecc0534e4924a5a7ee332e0fdbbb3e4258f9920e0c06528c309362
x86_64 dotnet-templates-3.1-3.1.419-1.el8_6.x86_64.rpm c1d126e60eb22617cdd6e17262c176cf1644bfce8af1d437cbfc6c0becfd8fe4
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.