[ALSA-2023:3581] Important: .NET 6.0 security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2023-06-23
Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18. The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118). (BZ#2212379) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 dotnet-runtime-6.0-6.0.18-1.el9_2.aarch64.rpm 11335dcc585579fcd10b28286f9e6749deb7f8415bb807826a678bf412687e2c
aarch64 dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el9_2.aarch64.rpm 32631bac7fdad191ef05477b5a6f4929cf32492984761f5766305fe3d4c71a70
aarch64 dotnet-targeting-pack-6.0-6.0.18-1.el9_2.aarch64.rpm 7f791d3985730858e4ced1afebb2cc2fbb3143dc2c8ab32ab5abeb050ae389cf
aarch64 dotnet-sdk-6.0-6.0.118-1.el9_2.aarch64.rpm 9bf3784373a348fc27c082118e0df5fb7cf713507af0473808760966e4f6c7b2
aarch64 aspnetcore-runtime-6.0-6.0.18-1.el9_2.aarch64.rpm a59c65276ce2d90ef25c79cf7c5db2c30901ef032362d01624d8f845c66462fb
aarch64 dotnet-hostfxr-6.0-6.0.18-1.el9_2.aarch64.rpm aac0b4f46deadbe3881d078bded0b5bcd119521777e43d1ae37d4547c52424a7
aarch64 aspnetcore-targeting-pack-6.0-6.0.18-1.el9_2.aarch64.rpm e5bf07558b6d27f7012640ad8f910c24aef608ae98422c8c4b653e91ebebeb54
aarch64 dotnet-templates-6.0-6.0.118-1.el9_2.aarch64.rpm f3c92688a54f5477e7fafe16c2a636162df1caecc6a705748924099a5ed92a75
aarch64 dotnet-apphost-pack-6.0-6.0.18-1.el9_2.aarch64.rpm f9764505a12e008fc3a18d2a2a5b860b0d58ffae72b9e6cebbfdc64a6a5c15cb
s390x aspnetcore-runtime-6.0-6.0.18-1.el9_2.s390x.rpm 27f54bb6411d5c3d6f3f33c6ebfc1b9ac66170b60610a228012092bb03184a71
s390x aspnetcore-targeting-pack-6.0-6.0.18-1.el9_2.s390x.rpm 31c3fa0fa319d0e712730a0c65b385a7a7d567ce8cddab93795460954e9a2574
s390x dotnet-targeting-pack-6.0-6.0.18-1.el9_2.s390x.rpm 48f47fbc560b2a74aacffc59feb5f392d9711d0cb5982d5a5c5b9f49481eb5ac
s390x dotnet-sdk-6.0-6.0.118-1.el9_2.s390x.rpm 55998a594a017588f7f5bb7a62ddb7ee024fdde7e6cfc4450569bf043533cde3
s390x dotnet-runtime-6.0-6.0.18-1.el9_2.s390x.rpm 72705b904fa2629e38f5481f64e6b9a2a399f290776e17b88616788fad748150
s390x dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el9_2.s390x.rpm 7fb912449996b3baef8166f99bd3e8f472320113836137ecc51ec3172b3ec1f6
s390x dotnet-apphost-pack-6.0-6.0.18-1.el9_2.s390x.rpm d42e84aeced5f0a139f75731ce38758779545a0e5a6bb4df1b4b64bbd710a10a
s390x dotnet-hostfxr-6.0-6.0.18-1.el9_2.s390x.rpm d69660dadaa31e657469419f024b88c5b3ab710492e8ecc1c7bf2523f29e2806
s390x dotnet-templates-6.0-6.0.118-1.el9_2.s390x.rpm fe54577e9c4266ebdd49140a718f3f84e62228d67c8819c6a0fa31f30ca60f57
x86_64 dotnet-targeting-pack-6.0-6.0.18-1.el9_2.x86_64.rpm 0256d2f2f0caffae56325e3c024f886f9c3748069faf44e614016c44f374df55
x86_64 dotnet-apphost-pack-6.0-6.0.18-1.el9_2.x86_64.rpm 1bbce9bbdda3b5fca1ee2cfb741af68b4f55c25ccd8afa73a3e488bab3d28613
x86_64 dotnet-sdk-6.0-6.0.118-1.el9_2.x86_64.rpm 5d4fc894021fe1bec0255a4192ea868167c4daa7e49948da0643d198f647b13b
x86_64 aspnetcore-runtime-6.0-6.0.18-1.el9_2.x86_64.rpm 6cbb0f7f1b03e9aa3a8073cdd4cba43a7e344049251ae6c461def53c00043b50
x86_64 dotnet-hostfxr-6.0-6.0.18-1.el9_2.x86_64.rpm 9e36d150672127121e01dcb02726b0328a3e984c7b209bd93558372d49f8e8e1
x86_64 dotnet-templates-6.0-6.0.118-1.el9_2.x86_64.rpm b708752ee90290bab118f3b6d3a99cd020e1b673b647ba89ccf435a87dc78ec4
x86_64 dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el9_2.x86_64.rpm bf9e44c84461e26e57d7f701fe899ff27829de0dc75187e7194d4d39288aaeb3
x86_64 aspnetcore-targeting-pack-6.0-6.0.18-1.el9_2.x86_64.rpm eb91e8b89ef2635b5b0d88f317d8f538591aecdb6f9ed7352faa5f8db15bec3a
x86_64 dotnet-runtime-6.0-6.0.18-1.el9_2.x86_64.rpm f122a920a2042ec80270e1cc3afa95cd6c8ec8d0cad342d99ce2c2aa96b120c0
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.