[ALSA-2023:3582] Important: .NET 6.0 security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2023-06-24
Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118). (BZ#2212378) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 dotnet-runtime-6.0-6.0.18-1.el8_8.aarch64.rpm 57462cd1dde2358cd9ff21bb809ca8c9bd173b64bcdfc8fccd312fa89c17802a
aarch64 dotnet-hostfxr-6.0-6.0.18-1.el8_8.aarch64.rpm 6735be723d52440554e1ff14a186ccd17e122e7642ce3ec6429e8a9760d0bae5
aarch64 dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el8_8.aarch64.rpm 76d7aec835d32a5093521923410e770eda024e3d2184cb37e13b086b96945ef0
aarch64 dotnet-sdk-6.0-6.0.118-1.el8_8.aarch64.rpm 7cadfea82c7048816102ce87d0bcd9a18c1addb60bd3340c48dfbd94bb327fc5
aarch64 aspnetcore-runtime-6.0-6.0.18-1.el8_8.aarch64.rpm d3a0962814bc68ff2fd9df21950fcce83c240a7f6d1edec3840e6d13bd7fea45
aarch64 aspnetcore-targeting-pack-6.0-6.0.18-1.el8_8.aarch64.rpm e020790a60e8344ed3c1b70bece9cc53068486954a9ae6e924d9c300849b4db5
aarch64 dotnet-apphost-pack-6.0-6.0.18-1.el8_8.aarch64.rpm ed22c2cbc835efa4bd2fec7beb28d5f8eb4aea4cec3921ef8f06e8ec41f22afd
aarch64 dotnet-templates-6.0-6.0.118-1.el8_8.aarch64.rpm f9df18da8413fe220a81e5e68c7b89084f4f7c46e22c97f54e84c4f80c73fdb4
aarch64 dotnet-targeting-pack-6.0-6.0.18-1.el8_8.aarch64.rpm fe37fb9e5a56786469cd580f86d3ad52aa0985053f0fa902661d9c52c9eb1ae5
s390x dotnet-apphost-pack-6.0-6.0.18-1.el8_8.s390x.rpm 11b6fe2fa9f3817e8b149ae837df0bf68323a147200c2c01cea454f5c9d9f463
s390x dotnet-runtime-6.0-6.0.18-1.el8_8.s390x.rpm 16b653f0f9a9c80172f0d21101662e6314f3fc8f486a8a438f5f896d91698a59
s390x dotnet-templates-6.0-6.0.118-1.el8_8.s390x.rpm 2433ce23eecbcad9d8690e9b7814ec85d6e66eb97878457c6fb3aabf4ad3aa50
s390x dotnet-targeting-pack-6.0-6.0.18-1.el8_8.s390x.rpm 454b4a1afb891a8530acd184b66a335873778a7f1d7bd12bfa00a68e4b2bb5ef
s390x dotnet-hostfxr-6.0-6.0.18-1.el8_8.s390x.rpm 5be9fcb9e0bcba6453e95a1c69f4d4f3a3a708fd4ece8ccf344e14a954252bee
s390x dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el8_8.s390x.rpm 742bd6ca905120ec9a2d6e3458ac8b418dd150a45568f98d65ca370f2b3f84cc
s390x aspnetcore-runtime-6.0-6.0.18-1.el8_8.s390x.rpm d0ea9a86d9393ee8f512b7a50a650cde7d3cf06ef4c7f0043bf8074c26545cb6
s390x aspnetcore-targeting-pack-6.0-6.0.18-1.el8_8.s390x.rpm e8873e8c18ed3d9889c2859cc67dde601e312c40051272c7f765318fd6ad0e9c
s390x dotnet-sdk-6.0-6.0.118-1.el8_8.s390x.rpm ec0c59476adf26d7f17698dbb81d89df806cdbdf298e8ccaba15eff332b303de
x86_64 dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el8_8.x86_64.rpm 0605c5d9c1d39dfd2659374f3b629d5c2b7d64211e5d1aca611e1d0ef5dd2f90
x86_64 dotnet-templates-6.0-6.0.118-1.el8_8.x86_64.rpm 22350edbf952cc7fcfce5fdc67ba36b02f024c2592e6dfc43bbbfa118a05a55a
x86_64 aspnetcore-runtime-6.0-6.0.18-1.el8_8.x86_64.rpm 2c0daf2d8852846eab830556a405ff57f7d6bd6192c7366e600e3952e88e4f74
x86_64 dotnet-apphost-pack-6.0-6.0.18-1.el8_8.x86_64.rpm 3a9bdaec2b18409046516ec5c3955a06f8b9af94e188ace0e9e4db0b0eb1f652
x86_64 dotnet-sdk-6.0-6.0.118-1.el8_8.x86_64.rpm 7c34f483b0a01af46df446fff442e18167180e94b15ef4a106eda4d4f8148383
x86_64 dotnet-targeting-pack-6.0-6.0.18-1.el8_8.x86_64.rpm 9621843b511be5b2c43d6d79d3b599bc2d2a040f0ff640d6b0624e341a22c6e2
x86_64 dotnet-runtime-6.0-6.0.18-1.el8_8.x86_64.rpm a10d1f708e775d4de02db95bec0889acb27686eb770e7799e55026b8712eb8ea
x86_64 aspnetcore-targeting-pack-6.0-6.0.18-1.el8_8.x86_64.rpm abbd4a35833000fa13405f1fe69cc28d35ce8c371697c276696960a082d50c72
x86_64 dotnet-hostfxr-6.0-6.0.18-1.el8_8.x86_64.rpm b0177b980e379c8e63167369b654cc3bbae19f8e3985e9e3772cf5d0eca086fc
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.