ALSA-2023:7257

[ALSA-2023:7257] Moderate: dotnet6.0 security update

Type:

security

Severity:

moderate

Release date:

2023-11-16

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.125 and .NET Runtime 6.0.25.

Security Fix(es):

* dotnet: Arbitrary File Write and Deletion Vulnerability: FormatFtpCommand (CVE-2023-36049)
* dotnet: ASP.NET Security Feature Bypass Vulnerability in Blazor forms (CVE-2023-36558)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	aspnetcore-runtime-6.0-6.0.25-1.el9_3.aarch64.rpm	32cd421af6be98f7061f238e5e23d70e2162d187f064a125fb5fb6388d991a69
aarch64	dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el9_3.aarch64.rpm	5b77320b47dcf12114cf3d206252e0c3850ea009eef72d30af67650b1a09d91a
aarch64	dotnet-targeting-pack-6.0-6.0.25-1.el9_3.aarch64.rpm	8a8535b3e6b1745edbd23d60b5d6b20134a65dc1e01aefd1c1aa46b59b8e39ab
aarch64	dotnet-templates-6.0-6.0.125-1.el9_3.aarch64.rpm	8be446b495e98a3ae2e5ffe21136340506b7841031bd241d3dbf09bb33a3d03a
aarch64	dotnet-hostfxr-6.0-6.0.25-1.el9_3.aarch64.rpm	9df675d6a56e4b2390bac4ad035483f4629ee8c18f8fdb5d5dfd9fcee0ecae79
aarch64	aspnetcore-targeting-pack-6.0-6.0.25-1.el9_3.aarch64.rpm	a0887028b359a9c1d8f357112198944b6c40ff7f96f3eb32720fb308cd7eb5d3
aarch64	dotnet-sdk-6.0-6.0.125-1.el9_3.aarch64.rpm	a95ddeb678403775da89c6eb117ca01cf350a3c6ef671b80929e42cbbe449411
aarch64	dotnet-apphost-pack-6.0-6.0.25-1.el9_3.aarch64.rpm	c198ced1f9d51a6f8e373f810679ecfebe05b1b45869ff88ab0df9761e7bc6eb
aarch64	dotnet-runtime-6.0-6.0.25-1.el9_3.aarch64.rpm	e0e2a0dde4ebb03596eaa708117c2a170015d8f33c0d81778a1a7b47f28b1dc6
s390x	dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el9_3.s390x.rpm	00fe41cfb6c362d7055cd75ad528cc169a828911410f09e6e3897394fe1b9cd3
s390x	dotnet-apphost-pack-6.0-6.0.25-1.el9_3.s390x.rpm	576b37f41e8eb147b715f9400729929ca09a957427616e4e9901c6a57b9b81d2
s390x	dotnet-templates-6.0-6.0.125-1.el9_3.s390x.rpm	73248944dbede1d997398f2eb685fbc36dba2f84aeb87f591f4de31e8c70e583
s390x	dotnet-hostfxr-6.0-6.0.25-1.el9_3.s390x.rpm	8a20f1a93690457c6d8a1ad83135f90380f907479b56a200dda75034b07b1e79
s390x	aspnetcore-runtime-6.0-6.0.25-1.el9_3.s390x.rpm	97f742cea27291323f71eb234d01864c654ba9914d23e30cc959cb416cf41125
s390x	aspnetcore-targeting-pack-6.0-6.0.25-1.el9_3.s390x.rpm	abf35ce0129c1af628b653a44036acc26110d75d92d3e9b7772abeedcddfc781
s390x	dotnet-runtime-6.0-6.0.25-1.el9_3.s390x.rpm	b14e2293c238bc924490b409917109bad1182a58585bd4ad2eb64083c850f972
s390x	dotnet-targeting-pack-6.0-6.0.25-1.el9_3.s390x.rpm	d16a5dd2e29c940e0e095cb47b4c843c4e939417c4ba6aea31a955d90b62260e
s390x	dotnet-sdk-6.0-6.0.125-1.el9_3.s390x.rpm	e0e75978652a2a4c21bdc3598edb31e5c40acef35cb8da25ed5d3f40f34ae466
x86_64	dotnet-runtime-6.0-6.0.25-1.el9_3.x86_64.rpm	27d3b6a381586e6540d87b00c41a5d578ec9d6f8ac2a299efcf38b6ed551ee7a
x86_64	dotnet-hostfxr-6.0-6.0.25-1.el9_3.x86_64.rpm	51199abed23397c31f06f2f274d1c165a4b99450b232858887908af1f2c07205
x86_64	dotnet-templates-6.0-6.0.125-1.el9_3.x86_64.rpm	51ed113a0fb9d8790b2386e4be61e24f985f54133c039caf2a7c55fba18a7d58
x86_64	dotnet-sdk-6.0-6.0.125-1.el9_3.x86_64.rpm	54fdeb31a66a1489b1ed2b9592cd34f18974cd3756de1451f820fedac3a6be49
x86_64	dotnet-targeting-pack-6.0-6.0.25-1.el9_3.x86_64.rpm	657940b169275d5554d0f862a21f9d57c2cb7e46b7f87ec0c918b342a30be147
x86_64	dotnet-apphost-pack-6.0-6.0.25-1.el9_3.x86_64.rpm	bbaa987a2bb00fbfa715c4287399855ef7713bb3317c38b2ab571136d50b2625
x86_64	aspnetcore-runtime-6.0-6.0.25-1.el9_3.x86_64.rpm	c8c2e87fa181c0f5d9869e8a894d39bdb1ec3cb15bc61b03cc4419614810eff9
x86_64	dotnet-sdk-6.0-source-built-artifacts-6.0.125-1.el9_3.x86_64.rpm	f27498262d5ecc5b374c1fa4d0d07b886f4fca1f4ee4bd60c09bc03b4ab6733e
x86_64	aspnetcore-targeting-pack-6.0-6.0.25-1.el9_3.x86_64.rpm	fbdfb2437d425bcec674341e1c09850620451b2ac76af6089bf8fa961d8fb163

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.