dotnet6.0-6.0.118-1.el8.ML.1

エラータID: AXSA:2023-6205:16

Release date: 
Tuesday, July 4, 2023 - 00:42
Subject: 
dotnet6.0-6.0.118-1.el8.ML.1
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation.

New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 6.0.118 and .NET Runtime 6.0.18.

The following packages have been upgraded to a later upstream version: dotnet6.0 (6.0.118). (BZ#2212378)

Security Fix(es):

* dotnet: .NET Kestrel: Denial of Service processing X509 Certificates (CVE-2023-29331)
* dotnet: vulnerability exists in NuGet where a potential race condition can lead to a symlink attack (CVE-2023-29337)
* dotnet: Remote Code Execution - Source generators issue can lead to a crash due to unmanaged heap corruption (CVE-2023-33128)
* dotnet: Bypass restrictions when deserializing a DataSet or DataTable from XML (CVE-2023-24936)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-24936
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-29331
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability
CVE-2023-33128
.NET and Visual Studio Remote Code Execution Vulnerability

Solution: 

Update packages.

CVEs: 
CVE-2023-24936
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
CVE-2023-29331
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
CVE-2023-29337
NuGet Client Remote Code Execution Vulnerability
CVE-2023-33128
.NET and Visual Studio Remote Code Execution Vulnerability
Additional Info: 

N/A

Download: 

SRPMS
  1. dotnet6.0-6.0.118-1.el8.ML.1.src.rpm
    MD5: 2cf06ac78141b5e02b4541387b42c80b
    SHA-256: 5b88bb7181124bab1c0eeab2fc9b9f3abc4a9e9a7d4d5c4bd2bc75e99a81f28f
    Size: 509.31 MB

Asianux Server 8 for x86_64
  1. aspnetcore-runtime-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 3e6f2236ece448cda30d67c53460b705
    SHA-256: 4d6c991cff0a583453d0b0af22fb2a9e53adc57932bf6a7e1a954953c9f59713
    Size: 6.92 MB
  2. aspnetcore-targeting-pack-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 70397c758136ae7baa4ec85cb32ecea9
    SHA-256: a9ccc6fca62a0b84f04a1292e5a3d6c2b48436109def559a6cf046e79bfb0e46
    Size: 1.49 MB
  3. dotnet-apphost-pack-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 494861a2724c12700e07dd150751dbcf
    SHA-256: 369a024aee4ef04b984bc5fea756a39b4ac88cac7c4835b398a0dca547a702d6
    Size: 3.95 MB
  4. dotnet-hostfxr-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 705ab791915803e71c87653e86d20ea2
    SHA-256: 39084ee9242c2b1b1dd6f08feb30e76fe16e4edf4ce5a864f2a226a95019f706
    Size: 173.18 kB
  5. dotnet-runtime-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: 0269be45aea0d4931e88821992531256
    SHA-256: ab36ecccd8f86be3daac5f204832e87abc4991dc6f8ddb3d567a48cde85be6bf
    Size: 23.41 MB
  6. dotnet-sdk-6.0-6.0.118-1.el8.ML.1.x86_64.rpm
    MD5: 0ececda27d928b9490f618056f7ecb38
    SHA-256: dc6d410e931a4c1f55335690800e41ff898946cbfb8de8561ff2211d8b092f4d
    Size: 77.33 MB
  7. dotnet-sdk-6.0-source-built-artifacts-6.0.118-1.el8.ML.1.x86_64.rpm
    MD5: 8484eeb0067c3eb2c172697fbb6f60af
    SHA-256: 9a4be88848e097546d650e77acfe3b35059bb98bc3ae1c23eb462c26c3873e3d
    Size: 2.71 GB
  8. dotnet-targeting-pack-6.0-6.0.18-1.el8.ML.1.x86_64.rpm
    MD5: f149fded74df986207a91549e47cb550
    SHA-256: 8fda68318e0a0cd706188ba07759acbc1c5b5d2d1f8738dfdf0d9ae79596f387
    Size: 2.38 MB
  9. dotnet-templates-6.0-6.0.118-1.el8.ML.1.x86_64.rpm
    MD5: f244a1f598259ebddf679853bbdcbda2
    SHA-256: 1104cb3914c98a457b0a5e61095b247ca8c9587f074b55b0299d1123483f6d93
    Size: 2.73 MB