[ALSA-2023:3592] Important: .NET 7.0 security, bug fix, and enhancement update
Type:
security
Severity:
important
Release date:
2023-06-23
Description:
.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 7.0.107 and .NET Runtime 7.0.7. The following packages have been upgraded to a later upstream version: dotnet7.0 (7.0.107). (BZ#2211877) Security Fix(es): * dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331) * dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337) * dotnet: Elevation of privilege - TarFile.ExtractToDirectory ignores extraction directory argument (CVE-2023-32032) * dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128) * dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 dotnet-sdk-7.0-7.0.107-1.el9_2.aarch64.rpm 22c3d7909369b783fd4e58a964f724fe681c9cae6ff4547fd2a5cb9c581885ba
aarch64 dotnet-host-7.0.7-1.el9_2.aarch64.rpm 2a5a0caf6400789b3a7a5779d28bce49fbf75fa060c895da3f6c4ff4f4b709d2
aarch64 aspnetcore-targeting-pack-7.0-7.0.7-1.el9_2.aarch64.rpm 2ac3057225f9ec6edbb0081b20934e4d840c5b11d0e08850ae881b13e4e125f2
aarch64 dotnet-runtime-7.0-7.0.7-1.el9_2.aarch64.rpm 49042c0398c5b1aa35581893539b97860cf67ae10d9d25972d34b8ed2db5cd7f
aarch64 dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el9_2.aarch64.rpm 52074f3d429a78a91f72edf3d6af26f39a41922838320a7f51d74b8e7390c288
aarch64 dotnet-hostfxr-7.0-7.0.7-1.el9_2.aarch64.rpm 91f290fe7d983c66faf64b9d5f36aeefc553eb7a2918e33d8d2bf2abebf4cd38
aarch64 dotnet-templates-7.0-7.0.107-1.el9_2.aarch64.rpm 9b922ff7fdcf042175bd04fa16d40b88c34553fe25aec38b978180d651f4e989
aarch64 dotnet-targeting-pack-7.0-7.0.7-1.el9_2.aarch64.rpm 9ce5d48eca391025f3fc4fe097bb3794dc5709002edd1671380ae52b82a7fb64
aarch64 dotnet-apphost-pack-7.0-7.0.7-1.el9_2.aarch64.rpm c6b4e8f4a0d5b961ce8aef4a315d75f4dde515a43686f53d54c34ee853e60cb7
aarch64 netstandard-targeting-pack-2.1-7.0.107-1.el9_2.aarch64.rpm e3481f0fc58c3159590cdea18740e7e8633b964994303632883d2a1b59aaa0a9
aarch64 aspnetcore-runtime-7.0-7.0.7-1.el9_2.aarch64.rpm e55c97618ee099bf6a47d8356bc1ceb14f49a2202f2e42ec55a38fe9df1af90d
ppc64le dotnet-targeting-pack-7.0-7.0.7-1.el9_2.ppc64le.rpm 081d800727dfb05b7919391baba8d515ef40df5a27a1d3b09dc0716d87449fbe
ppc64le dotnet-hostfxr-7.0-7.0.7-1.el9_2.ppc64le.rpm 08d89a95939f5ab355d2b4ef7b070d273241222570cd769ec9925832b607a165
ppc64le aspnetcore-runtime-7.0-7.0.7-1.el9_2.ppc64le.rpm 53fc3e2c9e444b235fd416a70519974b540055955b195539c1172910a52c0f14
ppc64le dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el9_2.ppc64le.rpm 594d32e819f3f0bc29e2807a7e07a0130ccd2dd3d004b21068d42ff3347c25aa
ppc64le dotnet-apphost-pack-7.0-7.0.7-1.el9_2.ppc64le.rpm 63c59b88b4174e4cb6ecd537c6e9b4ad161e32d346d3628e97b07917b45b5dcb
ppc64le dotnet-runtime-7.0-7.0.7-1.el9_2.ppc64le.rpm b5ba2c8db79a59511d8e5db629bd01d9fffa6455e501f4072154ec8e6b9ec523
ppc64le dotnet-host-7.0.7-1.el9_2.ppc64le.rpm c5f5ba84bb32e824b4ba2325fbba20f996e26c938c5ccee6b2185930ab4f2332
ppc64le netstandard-targeting-pack-2.1-7.0.107-1.el9_2.ppc64le.rpm ca76f6081adbe591d7b942c6975672040ec86ad9c31e1de4979fb4e70e10c4b0
ppc64le dotnet-sdk-7.0-7.0.107-1.el9_2.ppc64le.rpm db32ea40e55ddc0059dcab955cb06cca0896d57c32ccb276a98eede93aa40f1f
ppc64le dotnet-templates-7.0-7.0.107-1.el9_2.ppc64le.rpm e96227f1133dd7ea2e42fbf01a84c1e11bc55f9553452f116e6e01e2d6d472f9
ppc64le aspnetcore-targeting-pack-7.0-7.0.7-1.el9_2.ppc64le.rpm f93737d1b8e345da57f9eef2cd8377f39a2285f0d3d5812d63e385ca98b37240
s390x netstandard-targeting-pack-2.1-7.0.107-1.el9_2.s390x.rpm 0d00bb7a2525aaa8aaf17fd477dd4be72a3ed537e15d4bbc4c4f1a5d53f187af
s390x dotnet-targeting-pack-7.0-7.0.7-1.el9_2.s390x.rpm 1c037a5de139efb59aa95de7558f083202076984115cb5ee31a8214f96f53e64
s390x aspnetcore-runtime-7.0-7.0.7-1.el9_2.s390x.rpm 29dc47f9b1294daa347c442ff6248c5229d960ac1e51baeaf4d5bf57bbf858a9
s390x dotnet-templates-7.0-7.0.107-1.el9_2.s390x.rpm 47e3e7cae8b071ce4af511520d1aca7e39e0d3514dd05e4df7dcb8802a3c6366
s390x dotnet-host-7.0.7-1.el9_2.s390x.rpm 7063f78a7bbe5414edfa298252f53dec1f104e06a332472ace43571f52df238a
s390x dotnet-apphost-pack-7.0-7.0.7-1.el9_2.s390x.rpm 82e92cab1b1ac56ca2426ac6785f9575e9557cf665fa8ef3d506415b3588a7b7
s390x dotnet-runtime-7.0-7.0.7-1.el9_2.s390x.rpm 9252c141c705682436eca6d42dd0fc28bfab2ed7c33a19a9b785e66a3cdb146b
s390x dotnet-hostfxr-7.0-7.0.7-1.el9_2.s390x.rpm a923285af64caf246587a420143130bb32bcd5daade38412bfa66e3a3938fb05
s390x dotnet-sdk-7.0-7.0.107-1.el9_2.s390x.rpm be8354514ed8843d7964bfc2efa273d91a1e5921fe92d5113b9d7ba5e5d42840
s390x aspnetcore-targeting-pack-7.0-7.0.7-1.el9_2.s390x.rpm c9f30c6a73e99e11bffe63023b2bf0bd85c3dbde04809722ebc344d24c83a1f9
s390x dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el9_2.s390x.rpm df384ffd38e8cb99e868150c9b00da53283ee79da14b4ec1adc53f3113f9c51c
x86_64 dotnet-runtime-7.0-7.0.7-1.el9_2.x86_64.rpm 011de104ab692b508809e4b0040684667af6aeb1014b713e743236c60ecbdafc
x86_64 dotnet-targeting-pack-7.0-7.0.7-1.el9_2.x86_64.rpm 0c71688443bfe3b4de61ee066f335f1da67440e047d14100697f59ff8d41f9e5
x86_64 aspnetcore-targeting-pack-7.0-7.0.7-1.el9_2.x86_64.rpm 14e41f433b7a4a4e8331b55b24db29954b2531d73cbdceb188af8e34c34c54e0
x86_64 dotnet-sdk-7.0-source-built-artifacts-7.0.107-1.el9_2.x86_64.rpm 22423289ac600750bb6d967e2f12a42649b916331480aa9b23b5ac5b4791117d
x86_64 dotnet-templates-7.0-7.0.107-1.el9_2.x86_64.rpm 6ae8e0b3734ac7b4d184fc490884a2930e7e4e5d33d69ff737c5030ca4ff0ebe
x86_64 netstandard-targeting-pack-2.1-7.0.107-1.el9_2.x86_64.rpm 6cd447a8668a464d3afe323fcdf74176b5a9e6a7032d59f8dae3e82521defa86
x86_64 dotnet-apphost-pack-7.0-7.0.7-1.el9_2.x86_64.rpm 8d94ebe4a59b3c537000aafd6b667f760978f46e708f52a54c9c998b08bcc75f
x86_64 aspnetcore-runtime-7.0-7.0.7-1.el9_2.x86_64.rpm 9ed193b883fc35a2d3be87c50e0a513c5db6f482792f148bfeb7ca83ef3805a9
x86_64 dotnet-host-7.0.7-1.el9_2.x86_64.rpm b543fd70d71906e3fd342d98ea33cb29fe0245963e3ab4078ff7adc381f5d858
x86_64 dotnet-sdk-7.0-7.0.107-1.el9_2.x86_64.rpm d202457e09e5d7272f4cbcb1df78586f40a667c6f3446ea7728f79da2733cdd8
x86_64 dotnet-hostfxr-7.0-7.0.7-1.el9_2.x86_64.rpm e0d1131d9ec1a0332e47e19185ac0ffab1642671c7672afb654e4cf52751d1e1
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.