ALSA-2024:7867

[ALSA-2024:7867] Important: .NET 6.0 security update

Type:

security

Severity:

important

Release date:

2024-10-11

Description:

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.135 and .NET Runtime 6.0.35.

Security Fix(es):

* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.Security Fix(es):

* dotnet: System.IO.Packaging - Multiple DoS vectors in use of SortedList (CVE-2024-43484)
* dotnet: Multiple .NET components susceptible to hash flooding (CVE-2024-43483)
* dotnet: Denial of Service in System.Text.Json (CVE-2024-43485)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	dotnet-apphost-pack-6.0-6.0.35-1.el9_4.aarch64.rpm	3fd45628e9998afe3835d57c89340df1a30798e03bcece9c5663ebf33658b8f9
aarch64	dotnet-sdk-6.0-6.0.135-1.el9_4.aarch64.rpm	514f279a740faf31d57e07cc0e437fde5f148a6f086c5d03a19f634d4328ab8e
aarch64	dotnet-runtime-6.0-6.0.35-1.el9_4.aarch64.rpm	7870dd9e2bfe25be5a306851224ecc7728fbbb3b30f7611134db1f243bfed0b7
aarch64	dotnet-targeting-pack-6.0-6.0.35-1.el9_4.aarch64.rpm	95d41ef935bf5a56c7d55ed3e30fbbaf77424b033c4d7c3bf1ef6df25b57a898
aarch64	dotnet-hostfxr-6.0-6.0.35-1.el9_4.aarch64.rpm	a2cf4ef22e079c8b7014b439b13064034300cbfe49ee9069bf002c17043a85a2
aarch64	aspnetcore-runtime-6.0-6.0.35-1.el9_4.aarch64.rpm	d4fcc17871b59f553a3301f2e507bcdebdfe2ab95d586fee823629593bee2676
aarch64	aspnetcore-targeting-pack-6.0-6.0.35-1.el9_4.aarch64.rpm	e0aa91c5470b0ed8cb48e187044f66632e2bde2bee5acce7673dd3c818a3680c
aarch64	dotnet-sdk-6.0-source-built-artifacts-6.0.135-1.el9_4.aarch64.rpm	e7237740400acf30984a8b00b363f004471dcc938e3d433e3c2fb62150e2c5c1
aarch64	dotnet-templates-6.0-6.0.135-1.el9_4.aarch64.rpm	e73fe0254999b12c17ea9347b499a1fda05c90c8cbe9d343ac23bf54d7cf05d0
s390x	dotnet-apphost-pack-6.0-6.0.35-1.el9_4.s390x.rpm	2387365629aa63dca1b32a63656c2f842a7cea4b558b6e45d4cea0f1c1b566df
s390x	dotnet-runtime-6.0-6.0.35-1.el9_4.s390x.rpm	31f22365b55ead23f46a7c5ca599eacd6a82fb8a8d48bf914ed52f7fa285a702
s390x	dotnet-sdk-6.0-source-built-artifacts-6.0.135-1.el9_4.s390x.rpm	5b3d39438609cbee9ee900deae681b6968635ae755194b045046ad3075f51705
s390x	dotnet-hostfxr-6.0-6.0.35-1.el9_4.s390x.rpm	69c73a25fa982cbe6847227e45e11a947df3e811271f82bef6bfc7414ecd2964
s390x	aspnetcore-targeting-pack-6.0-6.0.35-1.el9_4.s390x.rpm	9d4381f465e24ec14f19bb7a4cedb955754a7b1c0867134bd0eb7f7ad71a1b77
s390x	dotnet-templates-6.0-6.0.135-1.el9_4.s390x.rpm	bfa71fe85614457e01f002e35a19cd1eda90217891192201579cc5143608cf03
s390x	aspnetcore-runtime-6.0-6.0.35-1.el9_4.s390x.rpm	c02f7694d8729d6f57c033dc66945c157100e60df4fcffad3cab1d21c97ce3af
s390x	dotnet-targeting-pack-6.0-6.0.35-1.el9_4.s390x.rpm	c5e5ada7eeee4daf6568834c0fc685406cb0464d33e092b1db049207dae647d4
s390x	dotnet-sdk-6.0-6.0.135-1.el9_4.s390x.rpm	f4c7defaed09afefa1d2c260b15097e9db9dadfd09c9507fe1dd46b267111b37
x86_64	dotnet-runtime-6.0-6.0.35-1.el9_4.x86_64.rpm	01d97193afd066d2b915ee0d85f415d8ae40a58c843f0b172953d1206777f9b5
x86_64	aspnetcore-runtime-6.0-6.0.35-1.el9_4.x86_64.rpm	7e5524bea8a3da6716861ef91c1a00a3f63ffdbe364d0e1f0b2e61029a2fa642
x86_64	dotnet-hostfxr-6.0-6.0.35-1.el9_4.x86_64.rpm	7efa3985e70c52eeab5f03982367159d6a26741e2c6a3370712c4c563ffef386
x86_64	dotnet-templates-6.0-6.0.135-1.el9_4.x86_64.rpm	812dd964bbbcf319acbca8d86d497366e036dbf0f4e22521afc239271cc05920
x86_64	dotnet-sdk-6.0-source-built-artifacts-6.0.135-1.el9_4.x86_64.rpm	99524b2cbd02674b8464627adc39aba57e2d02dcbb566dd484bae8fe2208cf1b
x86_64	dotnet-sdk-6.0-6.0.135-1.el9_4.x86_64.rpm	c17d6f695c0316a3910c2f764e6d5d871c8d82add9f953f6f029f7c7e61675be
x86_64	aspnetcore-targeting-pack-6.0-6.0.35-1.el9_4.x86_64.rpm	c70a206bbc287d0e17c851212980b522024c7173c248062481d9fc67037e4f50
x86_64	dotnet-apphost-pack-6.0-6.0.35-1.el9_4.x86_64.rpm	d15d188419b3d7faeb37d9eca08a324963ff439951fecb857b26315596f68917
x86_64	dotnet-targeting-pack-6.0-6.0.35-1.el9_4.x86_64.rpm	fe04ac6e8368e2879cfdd1bdd3dd76ecbdecca48d01cbdf2f911b991507a1e5b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.