ALSA-2024:7851

[ALSA-2024:7851] Important: .NET 6.0 security update

Type:

security

Severity:

important

Release date:

2024-10-10

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35.

Security Fix(es):

* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):

* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dotnet-runtime-6.0-6.0.35-1.el8_10.aarch64.rpm	03e29d02980ac338c69c43d6684111f57eaff5f48893abd13fbf572fb62a57bd
aarch64	dotnet-templates-6.0-6.0.135-1.el8_10.aarch64.rpm	07110f5e9614af1a94725c159062845611dcaa96dbaef50dfd61206753100b82
aarch64	aspnetcore-targeting-pack-6.0-6.0.35-1.el8_10.aarch64.rpm	073815b2293d913e3c9fafea4814d05beb5a2bcd295f853be2b8c255aa645a3e
aarch64	dotnet-sdk-6.0-6.0.135-1.el8_10.aarch64.rpm	1a87a79f9884bf8d04b94293073dc9e08cb8dffd297e30d2fc891230850b8547
aarch64	dotnet-sdk-6.0-source-built-artifacts-6.0.135-1.el8_10.aarch64.rpm	3559b8f4160e20030437ca73b6fbeebcca398ebd682de70479658030cd1d41f4
aarch64	dotnet-targeting-pack-6.0-6.0.35-1.el8_10.aarch64.rpm	3fa2919db5f640197aa3d153377c32727083495c60cfa0d0110e4cb094a1ae21
aarch64	aspnetcore-runtime-6.0-6.0.35-1.el8_10.aarch64.rpm	937d4dbd73a905148c6f83f0a139e308f2a2b93b01bb49c485394af1c44f1ab4
aarch64	dotnet-apphost-pack-6.0-6.0.35-1.el8_10.aarch64.rpm	e114d909fdf2e7fd3509c777f1281da97794dcad1e2fab30a05dc69c0c719e5c
aarch64	dotnet-hostfxr-6.0-6.0.35-1.el8_10.aarch64.rpm	f236f13aa6f9f88b0e76b9764397d0e2f85d1ab292741b5c205af7bb5d156bb3
s390x	dotnet-hostfxr-6.0-6.0.35-1.el8_10.s390x.rpm	0f42ad5654d5e4ae3b469050278600b92fb966a44286612d6293078b4cc2ca5c
s390x	dotnet-runtime-6.0-6.0.35-1.el8_10.s390x.rpm	585e98950dd2a02a729449c8d3eb11ec0a29f0c060ccf91fa77970454f12a96b
s390x	aspnetcore-runtime-6.0-6.0.35-1.el8_10.s390x.rpm	5947a26353fd680aeb3cf0fdfd5d399d4316fd7f5460199f4a042668ea8f10ac
s390x	dotnet-templates-6.0-6.0.135-1.el8_10.s390x.rpm	705caa697bb021e06a6d2db5fde022d49e1f80a875c5938ef3a2e5da97c71793
s390x	dotnet-sdk-6.0-source-built-artifacts-6.0.135-1.el8_10.s390x.rpm	80a7526e51abb4ceec716c79fffefc34096bed0018c80932519755759f14ce62
s390x	aspnetcore-targeting-pack-6.0-6.0.35-1.el8_10.s390x.rpm	96c8095b7d072d0cecafd5d0cb1f16de1b4e26cae14e9041d753fe3f60b84e8a
s390x	dotnet-apphost-pack-6.0-6.0.35-1.el8_10.s390x.rpm	9fc12c594f47ba3429a8e6c66277489a8cba01bbd13c289456f172e90f22d150
s390x	dotnet-targeting-pack-6.0-6.0.35-1.el8_10.s390x.rpm	d21bc7fcc4cbee93232e8b6a0f531e9b4cd2608140112c73a2472738ab97b550
s390x	dotnet-sdk-6.0-6.0.135-1.el8_10.s390x.rpm	f6b22b12e249699a96f279a4223eee4daf3a0d6cde930c8dd63deb51058e7b93
x86_64	dotnet-hostfxr-6.0-6.0.35-1.el8_10.x86_64.rpm	04a322e21a0cc5a809cd4b899842f9e7bf3a0b9ccbafa2765d779f50c2d0764e
x86_64	dotnet-runtime-6.0-6.0.35-1.el8_10.x86_64.rpm	2fb65f887f90bb4aeaf8c1357f20f30190457f61aa195b7c2ac95b16d46d0b2d
x86_64	dotnet-apphost-pack-6.0-6.0.35-1.el8_10.x86_64.rpm	7aee0c2572c8602b07b42e7f4ce9bf0eb485714b0c57afc6dc8396710157db60
x86_64	dotnet-templates-6.0-6.0.135-1.el8_10.x86_64.rpm	8c0e3e7a1119e11eed5a4f610f28b12c0db8f32f5c53c772b80a53cc87045e17
x86_64	dotnet-sdk-6.0-source-built-artifacts-6.0.135-1.el8_10.x86_64.rpm	8fb91d400dbe281d65f08b1234044b156b454f0f1018ea7b8b9f7a6ac80d62b5
x86_64	aspnetcore-targeting-pack-6.0-6.0.35-1.el8_10.x86_64.rpm	d8ef6ffa21c01328dc7461ecb47c4a845f7d9abc0029cf26a91c7281dec63e9b
x86_64	dotnet-sdk-6.0-6.0.135-1.el8_10.x86_64.rpm	e3ab94208e6ac0cae63498257f37cbaaa5facd8d4e09a5c7787a2eeb97a87b89
x86_64	aspnetcore-runtime-6.0-6.0.35-1.el8_10.x86_64.rpm	e96a63decea1386d0bb0ee6dc5fe5db28f3ccae8318ebffe36281019053b062f
x86_64	dotnet-targeting-pack-6.0-6.0.35-1.el8_10.x86_64.rpm	f6e0087f953ff9cbbfd3775a6074b06e53e714e77fa9b5a188706aa3309f4045

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.