dotnet6.0-6.0.118-1.el9.ML.1

エラータID: AXSA:2023-6098:13

Release date: 
Wednesday, June 21, 2023 - 09:42
Subject: 
dotnet6.0-6.0.118-1.el9.ML.1
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18.

The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118).

Security Fix(es):

* dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
* dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
* dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
* dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-24936
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-29331
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability
CVE-2023-33128
.NET and Visual Studio Remote Code Execution Vulnerability

Solution: 

Update packages.

CVEs: 
CVE-2023-24936
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-29331
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability
CVE-2023-33128
.NET and Visual Studio Remote Code Execution Vulnerability
Additional Info: 

N/A

Download: 

SRPMS
  1. dotnet6.0-6.0.118-1.el9.ML.1.src.rpm
    MD5: b839e3e2c6f69d0ff864a93c6461a57a
    SHA-256: b55f9d495363695d02a7389b8dffd002889e8bf275c0d636d0e5cb9c0695d8bc
    Size: 509.31 MB

Asianux Server 9 for x86_64
  1. aspnetcore-runtime-6.0-6.0.18-1.el9.ML.1.x86_64.rpm
    MD5: 414add371d7136b4b7033dfccc478a9c
    SHA-256: cd4825b77537a1df9bacb4c492a1d7a20d9fe2b778ffebc1070b1760bd0917df
    Size: 6.86 MB
  2. aspnetcore-targeting-pack-6.0-6.0.18-1.el9.ML.1.x86_64.rpm
    MD5: be11a9a978a9628e5540f413fb048134
    SHA-256: 19ff6b1a849b17ef08708c9867936f2e4c6f7d349d5c9eada37d48fc6122ae84
    Size: 1.39 MB
  3. dotnet-apphost-pack-6.0-6.0.18-1.el9.ML.1.x86_64.rpm
    MD5: 0f804c193c05bba1b2c8e38987a1b928
    SHA-256: 491a3670431381c2127bad59fbb9ea0ffc879bb336c3926a73e1482861a69a59
    Size: 3.93 MB
  4. dotnet-hostfxr-6.0-6.0.18-1.el9.ML.1.x86_64.rpm
    MD5: 01d08be087e89225fb101c2ec259d7fc
    SHA-256: fd929a437f703b14c834c4997906032a3b2be02ef500c4b2e2958b4dbbe166e9
    Size: 164.15 kB
  5. dotnet-runtime-6.0-6.0.18-1.el9.ML.1.x86_64.rpm
    MD5: 40bfda0baa4ef25d3e88a848556c210b
    SHA-256: 4dd585b022bc1468f4136ffe11be7f60610c2299be11d17e98b89aac9c10b3cd
    Size: 22.94 MB
  6. dotnet-sdk-6.0-6.0.118-1.el9.ML.1.x86_64.rpm
    MD5: ef9abcc1fbcf5a08b604b89e47ee1e17
    SHA-256: 4120bfdef7a9c58fe7a859940d3b16f84a2f408e692c3152c61a257f846eab93
    Size: 75.62 MB
  7. dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el9.ML.1.x86_64.rpm
    MD5: 53f1ebb9188d2e70490be39bb0c292e4
    SHA-256: ee09f81817e60ffc806a26a3dafa372f7543b764fad511e29551795b96b2dff7
    Size: 2.69 GB
  8. dotnet-targeting-pack-6.0-6.0.18-1.el9.ML.1.x86_64.rpm
    MD5: 28e5aaf4733f1507a11230be448141c6
    SHA-256: 6f28299a0f1ebbab22b6e5fc4d4bc527cb5cc9b999f4dce517bea5c64f9a7a14
    Size: 2.13 MB
  9. dotnet-templates-6.0-6.0.118-1.el9.ML.1.x86_64.rpm
    MD5: 35c241a37b1ea4edb411ceed8bbdd906
    SHA-256: 38c03505032cd9364a508f857b6c806e083f1e3bb5b07ec8ab4f1161c5f1b0f7
    Size: 2.46 MB