Thursday, October 19, 2023

[USN-6438-1] .NET vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsD5BAABCAAjFiEEcxdv4gCCE8W9nrt5a1+PL+d1/EgFAmUxcUYFAwAAAAAACgkQa1+PL+d1/EiX
aAv/WE+z8RokEb7mahkdeRoZ+7ftz5AZ+qBqq4kogFzyVSRHIMxqVbyF4ygHLVlt/GKAWvP/sM6y
JsA25Ax5ERZwT+VpWIg3SNxSob4GFhSQqOzNPq5ERwG/k2fAPAMbbO8vOVKG6HgBksdyZBy+NCDT
Q5KnA0RcEu+sJV+PXD+nFV+Eaz72YpmbK3cXXPTHhVFITeycWXe3s11A6d2k94BnBOEUmcjFMail
Quq0SJbeyvz4kPl8xIGyaUQ3KdyV3abqpqYL1ABncuEzKmef+Hy7hYHc9vYKpDxZF2aWBBB9a7jr
vOXc49RsggZR1rPhKJjc1z9fXfSMS/lwvtMjrZNyGIM8u0+AwQa3Z5EDFlvOmLZxJQ8B/t1Eku2s
Z5IgyW3sx8coBeUIZacLouGuXHwB8uGKEhVeweCmCzSd1jvtRpnPwuolve0I0B1A0ShCdN7+erOL
gzCh86IxHYMklx13hMYyW8nofp6JE3OaODLK8UBOVxYzHqQODy5nLqncrxsW
=yogL
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6438-1
October 19, 2023

dotnet6, dotnet7 vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 23.10

Summary:

Several security issues were fixed in dotnet6, dotnet7.

Software Description:
- dotnet6: dotNET CLI tools and runtime
- dotnet7: dotNET CLI tools and runtime

Details:

Kevin Jones discovered that .NET did not properly process certain
X.509 certificates. An attacker could possibly use this issue to
cause a denial of service. (CVE-2023-36799)

It was discovered that the .NET Kestrel web server did not properly
handle HTTP/2 requests. A remote attacker could possibly use this
issue to cause a denial of service. (CVE-2023-44487)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   aspnetcore-runtime-6.0    6.0.123-0ubuntu1
   aspnetcore-runtime-7.0    7.0.112-0ubuntu1
   dotnet-host                       6.0.123-0ubuntu1
   dotnet-host-7.0                 7.0.112-0ubuntu1
   dotnet-hostfxr-6.0             6.0.123-0ubuntu1
   dotnet-hostfxr-7.0             7.0.112-0ubuntu1
   dotnet-runtime-6.0           6.0.123-0ubuntu1
   dotnet-runtime-7.0           7.0.112-0ubuntu1
   dotnet-sdk-6.0                  6.0.123-0ubuntu1
   dotnet-sdk-7.0                  7.0.112-0ubuntu1
   dotnet6                             6.0.123-0ubuntu1
   dotnet7                             7.0.112-0ubuntu1

In general, a standard system update will make all the necessary changes.

References:
   https://ubuntu.com/security/notices/USN-6438-1
   CVE-2023-36799, CVE-2023-44487

Package Information:
   https://launchpad.net/ubuntu/+source/dotnet6/6.0.123-0ubuntu1
   https://launchpad.net/ubuntu/+source/dotnet7/7.0.112-0ubuntu1

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)