ALSA-2023:7256

[ALSA-2023:7256] Moderate: dotnet7.0 security update

Type:

security

Severity:

moderate

Release date:

2023-11-23

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.114 and .NET Runtime 7.0.14.

Security Fix(es):

* dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)
* dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	aspnetcore-runtime-7.0-7.0.14-1.el8_9.aarch64.rpm	203ab5d56e6cc50e817e7bf4962e4abae0e3efa9122707eca6b6a3baae736a51
aarch64	dotnet-templates-7.0-7.0.114-1.el8_9.aarch64.rpm	2358e86fc598f05e966a630b6283015c3191dab5df20e8a41a545e61bfca6394
aarch64	dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.aarch64.rpm	662aed333ddb95c4dd2ce9a3424a46ed39cf8a8cfad0f6ea8a785c5986bc4c15
aarch64	dotnet-targeting-pack-7.0-7.0.14-1.el8_9.aarch64.rpm	7c78083949ae61b82eb37bd348bba0562ae5cbc12e331379c692d7489f709b16
aarch64	dotnet-hostfxr-7.0-7.0.14-1.el8_9.aarch64.rpm	85d405434c779d49040347181f749b2ba1a24ed38345d36505086794bcfcd817
aarch64	aspnetcore-targeting-pack-7.0-7.0.14-1.el8_9.aarch64.rpm	9a8ce853b8735ad90a5cc497daec1ac7353a43238cbffa52506acffab49192e2
aarch64	dotnet-runtime-7.0-7.0.14-1.el8_9.aarch64.rpm	adb736d17014d2f6ca922b25d826b9bdb63d307acd82a7b0d7e157ca00252028
aarch64	dotnet-apphost-pack-7.0-7.0.14-1.el8_9.aarch64.rpm	da4a5f6decc0bd360b91d037b961e9cb37f9b1e76f55ec7609fe2f9efb97caa1
aarch64	dotnet-sdk-7.0-7.0.114-1.el8_9.aarch64.rpm	f18ec926d32568a29140a4a0048f934f574078ef3beeda4f0ef62dbefd56f831
ppc64le	dotnet-templates-7.0-7.0.114-1.el8_9.ppc64le.rpm	49d748fdd962fb295a0b21da88b5658daa251cc2f11a0c037d8e9f50e2c3a5c0
ppc64le	dotnet-targeting-pack-7.0-7.0.14-1.el8_9.ppc64le.rpm	61767ca513f59a81ae3ea0484f21d1073dad1a1f905949a97dee4910de38759d
ppc64le	dotnet-apphost-pack-7.0-7.0.14-1.el8_9.ppc64le.rpm	70232c6b0d86923473d11bba4cbac6ad19e259d5f1852dd5352c2e1bdee00528
ppc64le	aspnetcore-targeting-pack-7.0-7.0.14-1.el8_9.ppc64le.rpm	854b7c0e600eb1e807459ff2430c7be3f09440f05244b8bf0b8dba4575766520
ppc64le	dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.ppc64le.rpm	b7e360e561b4d8c80331239b53e557bb4ad252436f28a67603c9a43c144ce3ce
ppc64le	dotnet-hostfxr-7.0-7.0.14-1.el8_9.ppc64le.rpm	bd0885bb9703f97be67f8469099fca8278f0b39b54e2e0f8a2a2bffdce6a8dd2
ppc64le	dotnet-sdk-7.0-7.0.114-1.el8_9.ppc64le.rpm	bd0b2337dd94e54d096c2509a7b26b9a1a672882ac0177408857d0f8fab91385
ppc64le	dotnet-runtime-7.0-7.0.14-1.el8_9.ppc64le.rpm	d5ebccd0cbf7c81626b04ecfd7e48b68e4eb12e4752d11a9bd7c2ad09eeb014c
ppc64le	aspnetcore-runtime-7.0-7.0.14-1.el8_9.ppc64le.rpm	f648799d7aa53848b9e9b2aa827bbd465c90a5b32d3fd8239cef11acd6ca8913
s390x	aspnetcore-runtime-7.0-7.0.14-1.el8_9.s390x.rpm	125f914301e3c5b1f0b398d7533ade6212d796c0a12e995de5c38667ae549f5d
s390x	aspnetcore-targeting-pack-7.0-7.0.14-1.el8_9.s390x.rpm	1373a8d949e02549a40b434693a770b988a4d13bb53a4f54aee0a78f6bc80032
s390x	dotnet-templates-7.0-7.0.114-1.el8_9.s390x.rpm	3e2e9205eaafef1f197480ad1066c81e7fc7794de60ecc755b6e4a7940dc0a38
s390x	dotnet-runtime-7.0-7.0.14-1.el8_9.s390x.rpm	63ae043f356aacbd89e04d0203f19fd0dced3143bed82e85e6fe3213de36d086
s390x	dotnet-hostfxr-7.0-7.0.14-1.el8_9.s390x.rpm	6cc93c6b59eafffcef959cae958146c99e8d931574b9a73c4c27bb5e988e4310
s390x	dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.s390x.rpm	8c2bad768e3192cae6a77c5cbd8b86663f8b1560a35fb53e0140bab5a21f3d3a
s390x	dotnet-apphost-pack-7.0-7.0.14-1.el8_9.s390x.rpm	b90eb356c7ae49a5bf6f78f5845261503ec17bfa116e855b9b6c1e7c84634fcd
s390x	dotnet-sdk-7.0-7.0.114-1.el8_9.s390x.rpm	c6c21f887ca58ed67633645f2e1e7eeb52d4f647aba21a6e429cd0f7c2ed3bd3
s390x	dotnet-targeting-pack-7.0-7.0.14-1.el8_9.s390x.rpm	d52a3a585d22af1913b62a36dcd109e2861661730bb9398f93be1fe6b5f8666c
x86_64	aspnetcore-targeting-pack-7.0-7.0.14-1.el8_9.x86_64.rpm	15596fe160a4e970d916901de51fc214a1179bdab265db471572a958b7e876ce
x86_64	dotnet-templates-7.0-7.0.114-1.el8_9.x86_64.rpm	19857bb0c7d38deae5b20e88fee250f67a86cf221e08e0263e0629fa01a398da
x86_64	aspnetcore-runtime-7.0-7.0.14-1.el8_9.x86_64.rpm	1c92cd89d8bbedf1af4599de65913767c17aa0e2c4cdb66eed55dfb3c430abc8
x86_64	dotnet-runtime-7.0-7.0.14-1.el8_9.x86_64.rpm	3532fa1d9744205ba4eb1e1c56c66411618c272238cfa6f5f9cf78e66998cbf2
x86_64	dotnet-targeting-pack-7.0-7.0.14-1.el8_9.x86_64.rpm	4b41af004677f2e7f2e5590e775b1444a6cc50af0e4feb614f43c29663740ca2
x86_64	dotnet-sdk-7.0-7.0.114-1.el8_9.x86_64.rpm	5babec4a3ba3690a7c2949013bd6acb1b864b5b267e48241de9ac06b74a7dfcd
x86_64	dotnet-hostfxr-7.0-7.0.14-1.el8_9.x86_64.rpm	de629961a7dfa0dd50888dfd42f676bbf75413a4e52eddbec6ec9563bd34e04c
x86_64	dotnet-apphost-pack-7.0-7.0.14-1.el8_9.x86_64.rpm	e829d756022b9cdc6c894e773ecc0045e57ca723a15b49f8d5b9eb7894fa2dee
x86_64	dotnet-sdk-7.0-source-built-artifacts-7.0.114-1.el8_9.x86_64.rpm	eaf9533d1a9a4bf6f800dfb066f52e83f356b73932df8954c18853b949701143

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.