ALSA-2023:3593

[ALSA-2023:3593] Important: .NET 7.0 security, bug fix, and enhancement update

Type:

security

Severity:

important

Release date:

2023-06-23

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.107 and .NET Runtime 7.0.7.

The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.107). (BZ#2211876)

Security Fix(es):

* dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
* dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
* dotnet: Elevation of privilege - TarFile.ExtractToDirectory ignores extraction directory argument (CVE-2023-32032)
* dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
* dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	netstandard-targeting-pack-2.1-7.0.107-1.el8_8.aarch64.rpm	027f21471807d0cb867ed9509c62dda9be1b5137779a9cb2faef25f61e56070f
aarch64	dotnet-hostfxr-7.0-7.0.7-1.el8_8.aarch64.rpm	111d1fb3a5e9378748bf07670e727bc19fd4e30d01c3a266394818ea11c6584d
aarch64	dotnet-7.0.107-1.el8_8.aarch64.rpm	11b4c628b0ced0e4b08a9bf31e63610584a76d5168764c39ec3d65b66d3f9e1a
aarch64	dotnet-templates-7.0-7.0.107-1.el8_8.aarch64.rpm	2b593d57b47f4323d06eb8c82bf7205411e010d789a7895304f1b06ecf2d5a88
aarch64	aspnetcore-targeting-pack-7.0-7.0.7-1.el8_8.aarch64.rpm	31e86a4e0fca7e4e9e736fca5bab316f7596269aff43e04eccab45a87c1147d9
aarch64	dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el8_8.aarch64.rpm	42d030be112bc947cde3e440f8596c979b6dd55c38a3716c14e2d80ad3f7ef93
aarch64	dotnet-runtime-7.0-7.0.7-1.el8_8.aarch64.rpm	5cf2a704588a6ba2c72b567ae391915e0490878994c52009c3a396024913461f
aarch64	dotnet-sdk-7.0-7.0.107-1.el8_8.aarch64.rpm	61115374693cd5366de3e5f60c5027e298869172ea4cd40cde054e1e7e6c9a23
aarch64	dotnet-targeting-pack-7.0-7.0.7-1.el8_8.aarch64.rpm	729e346023071ff6a015823607fb4e10861202878482e97e77c785c3723e933e
aarch64	dotnet-apphost-pack-7.0-7.0.7-1.el8_8.aarch64.rpm	793d56cafd1a7a1490d6d4496c2917d59d4311b4608f96374cb9dfdeebc5d1cc
aarch64	aspnetcore-runtime-7.0-7.0.7-1.el8_8.aarch64.rpm	953a564284e99614d24a668821cf6ba8a790db5fedf7120602d600fb476e77a8
aarch64	dotnet-host-7.0.7-1.el8_8.aarch64.rpm	f57b519ae5b4e985b5daa6dae0b5dbaf17668b9cf67406f40732aa466f9ee562
ppc64le	dotnet-runtime-7.0-7.0.7-1.el8_8.ppc64le.rpm	099a4dd5e76f3b191e145d3ef4c39ea5412a91dd0dab59c6d0f15d608e0bba95
ppc64le	dotnet-apphost-pack-7.0-7.0.7-1.el8_8.ppc64le.rpm	17afdfced77e5f088525d25fc570792abd93bb578b33cc8026c0a119184278e1
ppc64le	dotnet-templates-7.0-7.0.107-1.el8_8.ppc64le.rpm	23ef5f19a4871b2ccea9076d93bdff5a5c062814ac325dbc118948a944f75302
ppc64le	dotnet-7.0.107-1.el8_8.ppc64le.rpm	40b18a0cf0f6295336065d63748bbcd8c8f45002a05e6b29b31aee74f5decd82
ppc64le	dotnet-hostfxr-7.0-7.0.7-1.el8_8.ppc64le.rpm	62a42c436d79774cb4f0f40137dc483098b4a8bf228dc28f788e7380f01854bb
ppc64le	aspnetcore-targeting-pack-7.0-7.0.7-1.el8_8.ppc64le.rpm	6559d1241d1798f9c1525e809a58d16a8784f6544b3d7cbe2030934f3c15beb8
ppc64le	dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el8_8.ppc64le.rpm	75800fb542ca9e1ec768809e78975bd59e807dc17bd00217dfdbc03eed78bf4d
ppc64le	dotnet-targeting-pack-7.0-7.0.7-1.el8_8.ppc64le.rpm	87e1df08c5c6c4428b605ea8e406ac1bde5f3eac29159eafa21738b9c2e72191
ppc64le	aspnetcore-runtime-7.0-7.0.7-1.el8_8.ppc64le.rpm	8a6f3a03a1df28c5594b4c2283b233a9b63b91ade4eafca64206dcd8676530ee
ppc64le	dotnet-host-7.0.7-1.el8_8.ppc64le.rpm	971be50f835a913e64be870d8fe6ea8bb10258d89b28c22d279d32c75dd38533
ppc64le	netstandard-targeting-pack-2.1-7.0.107-1.el8_8.ppc64le.rpm	c32f5138c5a6616aa634607edb2fcd0c0405e9cce5a60d7214f74623cdce22cf
ppc64le	dotnet-sdk-7.0-7.0.107-1.el8_8.ppc64le.rpm	e71d750330e053293cc8abf0ee0f22da41a594727e812504fcceca317feb6ccf
s390x	netstandard-targeting-pack-2.1-7.0.107-1.el8_8.s390x.rpm	0d3960ce0015ea3512320ae9c6dff0272c06a5d2952d6e29b04a9ee594928b66
s390x	aspnetcore-runtime-7.0-7.0.7-1.el8_8.s390x.rpm	27147e65d7fc376f4d54824022850ff1f3c434770e19d4e4f33bbda5c62880c1
s390x	dotnet-apphost-pack-7.0-7.0.7-1.el8_8.s390x.rpm	50df8e29c0e6ba73568e4648146327286e9257dc4081b334df5488d468c97d69
s390x	dotnet-runtime-7.0-7.0.7-1.el8_8.s390x.rpm	53ab455694488d6c6e54dfeb1f2938fd6ef4b7bb61a263ea4b93b513207d6cb7
s390x	dotnet-hostfxr-7.0-7.0.7-1.el8_8.s390x.rpm	62d01ed32beab64922ecee442ce7568e0f71c98df43e4eee6f63b4e958bc8986
s390x	dotnet-targeting-pack-7.0-7.0.7-1.el8_8.s390x.rpm	67f3e49ed268cd064b0668b5dcef0904486252b6cf597b0d4bf9fae9a72b97c8
s390x	dotnet-7.0.107-1.el8_8.s390x.rpm	7bc15b454d9e5157fc79391e16692d1128cd86db0b8882a9f781d3fb0389e866
s390x	aspnetcore-targeting-pack-7.0-7.0.7-1.el8_8.s390x.rpm	8f9da4cbe8304b15029ca3b3036165eeeb1f46f78ea1b3796d7efa46d4b96e36
s390x	dotnet-sdk-7.0-7.0.107-1.el8_8.s390x.rpm	bb8c588a857914386ea5aac48a6eaa3e0fa9229ece2096b61446b4a081d5e2c1
s390x	dotnet-host-7.0.7-1.el8_8.s390x.rpm	bcc26fa2d79bce0013d2bdc17cd4ac648bfeaf92060206f35b401385be7ffcd3
s390x	dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el8_8.s390x.rpm	d53b52f9adf362a41761a808e9c43a72fecae041787ab5341dac91ee0c6e3de0
s390x	dotnet-templates-7.0-7.0.107-1.el8_8.s390x.rpm	d91fced5bd8a8bf13babe45ef37a2128873f99fdf0f980dfcc019d18b847a54a
x86_64	dotnet-templates-7.0-7.0.107-1.el8_8.x86_64.rpm	17dfd05e8873cd9d61d123cfaa98c27ed49fd9df4f72e29ccae05ba0e709bf37
x86_64	dotnet-sdk-7.0-7.0.107-1.el8_8.x86_64.rpm	2943261498999e5ad292080f5fb5c7b50a5e96eb4ba445d21604656ad41d91d5
x86_64	dotnet-targeting-pack-7.0-7.0.7-1.el8_8.x86_64.rpm	3e29fa94da2ebfd10870a9b35493d2d9dd3e63c2a52b06275e08356b880e7b9b
x86_64	aspnetcore-targeting-pack-7.0-7.0.7-1.el8_8.x86_64.rpm	4419bbf949027687aeb0b0b44dee3c61f776e9087faed52a9fa56f56450fa4ef
x86_64	dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el8_8.x86_64.rpm	4fc4eb5bd195eccc223076b01628cf7d609e353e26a375ae4b425a456efd8286
x86_64	dotnet-apphost-pack-7.0-7.0.7-1.el8_8.x86_64.rpm	5216588b56c565fb919ee8ef2f8883dba05107d7b948b4e5dd55c412e9c269b2
x86_64	netstandard-targeting-pack-2.1-7.0.107-1.el8_8.x86_64.rpm	56c9ad5c323d0563dee12cdeb0614b6203839b523cb2b18066a1b1ca0ddc9572
x86_64	dotnet-host-7.0.7-1.el8_8.x86_64.rpm	8675a520518a9718e6e4c22045ed294d3f3d79c3c5a67be625a5afa6ab66da0e
x86_64	dotnet-7.0.107-1.el8_8.x86_64.rpm	9b6b08f307011616f9ad4c718273be60c0c93f4407de30bfe544af532d42d362
x86_64	dotnet-runtime-7.0-7.0.7-1.el8_8.x86_64.rpm	a0a96722283528ccab64e981040209352db3f3a20644fe80e3af5c9fa3f8c3a1
x86_64	dotnet-hostfxr-7.0-7.0.7-1.el8_8.x86_64.rpm	c8a8f87067566b1137bba36e285ca32786726c7b941ef736a230d48973239250
x86_64	aspnetcore-runtime-7.0-7.0.7-1.el8_8.x86_64.rpm	e2fb839642fcd9cefd6228b85c666d6395aae683dc35823fa6c778d3d2f9b9fb

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.