ALSA-2023:4645

[ALSA-2023:4645] Important: .NET 6.0 security, bug fix, and enhancement update

Type:

security

Severity:

important

Release date:

2023-08-15

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.121 and .NET Runtime 6.0.21.

Security Fix(es):

* dotnet: RCE under dotnet commands (CVE-2023-35390)
* dotnet: Kestrel vulnerability to slow read attacks leading to Denial of Service attack (CVE-2023-38180)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dotnet-targeting-pack-6.0-6.0.21-1.el8_8.aarch64.rpm	399db919bccabe39f9a83a30ae03832330d01f0f1b61071fc99a86f703355156
aarch64	dotnet-runtime-6.0-6.0.21-1.el8_8.aarch64.rpm	4c0ecb95614d0441ff2d832f07681d03b496ea9771047bb32cd6c32c17970dde
aarch64	aspnetcore-runtime-6.0-6.0.21-1.el8_8.aarch64.rpm	8c5bbb1934628638383f656f15e21bc7293ade672a0d88a4a6df22278a80e4b2
aarch64	dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_8.aarch64.rpm	97c047562218acc68cb21857688c86d3372342cf86248c17e5e11f7e2f9aabf7
aarch64	aspnetcore-targeting-pack-6.0-6.0.21-1.el8_8.aarch64.rpm	9d4158b734ee91250eafa603b894486ea8273912c077e9fb61545ee9307777a5
aarch64	dotnet-hostfxr-6.0-6.0.21-1.el8_8.aarch64.rpm	a0d7dcf3a3db2449da38cb81c5055efa303956a03288d844de2733d4dcbeb070
aarch64	dotnet-templates-6.0-6.0.121-1.el8_8.aarch64.rpm	bab61ae40f4124f984251846c3e6ec758b48d1d011ed572436cee8f8c34263e5
aarch64	dotnet-apphost-pack-6.0-6.0.21-1.el8_8.aarch64.rpm	d188473e9094467c2bc9b7d2775b97f229733d77d296a693d99b253ab5bdb2b1
aarch64	dotnet-sdk-6.0-6.0.121-1.el8_8.aarch64.rpm	eb2825ca3f4092930fd2b832b123814e2a7faf90158b343eade96b78207f0410
s390x	dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_8.s390x.rpm	29f5b97efb7b633f1cc6abb0d3208ad4948ba23392edbb82a14742d80e816e5d
s390x	dotnet-sdk-6.0-6.0.121-1.el8_8.s390x.rpm	2b993263ecd481fb8b4f92b50e66e342afcc050a8b95a4bd8af39de871742f87
s390x	dotnet-hostfxr-6.0-6.0.21-1.el8_8.s390x.rpm	3da8183d1b8e455e053cd8fe7595117f4de26f94f3dbf7a87ab11a98f772233a
s390x	dotnet-runtime-6.0-6.0.21-1.el8_8.s390x.rpm	41ba3d852e8cc5605be75ef90de342fcfc81e565106807f13e33b274f065276f
s390x	dotnet-templates-6.0-6.0.121-1.el8_8.s390x.rpm	449afacc6cdbc5bd3e5bf9d60bd6ee7b071499cac3f948e9d01c3bec9e462823
s390x	dotnet-targeting-pack-6.0-6.0.21-1.el8_8.s390x.rpm	7040bc2d4bc1e128ca7230174299b873d5c26d7d0d72ebb749f9b63101fd1133
s390x	aspnetcore-runtime-6.0-6.0.21-1.el8_8.s390x.rpm	a12e683f35b98169ea4244c8ed2b0ea5e217a92cb61305ce56269740bf68df5c
s390x	aspnetcore-targeting-pack-6.0-6.0.21-1.el8_8.s390x.rpm	c1e6bc10c9883641f4e7f2e85e6ca23c55106d9e3e9ec46c4eb5ac0e3ba123ec
s390x	dotnet-apphost-pack-6.0-6.0.21-1.el8_8.s390x.rpm	fa602ab7e9b2e53811f6c5d68dfa63089b03e9c5361bf0f8d85db2a2ece1a695
x86_64	dotnet-runtime-6.0-6.0.21-1.el8_8.x86_64.rpm	05727b44e5adc54a8a90f201842ce36226f5df00fa182c8ac6c62373345f0859
x86_64	dotnet-apphost-pack-6.0-6.0.21-1.el8_8.x86_64.rpm	0a5e1790ccd0f3e90cedd39f6376611df33daf8f0974e8ac9b02e97182134aed
x86_64	dotnet-sdk-6.0-source-built-artifacts-6.0.121-1.el8_8.x86_64.rpm	4b6965ea7594af7b1af67e1d66283fb9e4e6bbc7ce96d91fa08f7fd8a07371e8
x86_64	aspnetcore-runtime-6.0-6.0.21-1.el8_8.x86_64.rpm	5b35e46064cf62bb6d3d901835748c35b8a858cf0627b755c4e872bbed63ada3
x86_64	aspnetcore-targeting-pack-6.0-6.0.21-1.el8_8.x86_64.rpm	81f5a889f1244288a55c829ccacdd3e9720771ca4c8751e73d9e0fecfe6ec24b
x86_64	dotnet-hostfxr-6.0-6.0.21-1.el8_8.x86_64.rpm	8860c9c649644c4dc458a0ebe07d94618c9fb83eecb731ec2fea93328478e0f0
x86_64	dotnet-templates-6.0-6.0.121-1.el8_8.x86_64.rpm	934262b871bb01228f83ab9d3673988306f00b2ea160586754ba3821777384df
x86_64	dotnet-sdk-6.0-6.0.121-1.el8_8.x86_64.rpm	ba4c39554b019f47c88141d056a9655aed276280bd9a0d92c7a6a5d9c0194fb3
x86_64	dotnet-targeting-pack-6.0-6.0.21-1.el8_8.x86_64.rpm	cd85b8317bdb93462773d464d75ca8683b65680be07f8724583ea5407f23dda3

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.